One Article Review
| Source |  The Hacker News |
|---|---|
| Identifiant | 7433643 |
| Date de publication | 2022-10-13 17:30:00 (vue: 2022-10-13 13:05:39) |
| Titre | New Timing Attack Against NPM Registry API Could Expose Private Packages |
| Texte | A novel timing attack discovered against the npm's registry API can be exploited to potentially disclose private packages used by organizations, putting developers at risk of supply chain threats. "By creating a list of possible package names, threat actors can detect organizations' scoped private packages and then masquerade public packages, tricking employees and users into downloading them," |
| Notes | |
| Envoyé | Oui |
| Condensat | actors against api attack can chain could creating detect developers disclose discovered downloading employees exploited expose list masquerade names new novel npm organizations package packages packages and possible potentially private public putting registry risk supply them then threat threats timing tricking used users scoped |
| Tags | Threat |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.