Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks

Source: The Hacker News | Added:

Researchers have found a malicious package named termncolor in the PyPI repository that exploits a dependency called colorinal to execute malicious operations. This multi-stage malware operation enables persistence and code execution, raising concerns about supply chain security.

Impact: Not specified

In the Wild: Yes

Age: Newly disclosed

Remediation: Not specified

Read Full Original Article →