New Timing Attack Against NPM Registry API Could Expose Private Packages
News category: IT Security News
Source: thehackernews.com
A novel timing attack discovered against npm's registry API can be exploited to potentially disclose private packages used by organizations, putting developers at risk of supply chain threats. "By creating a list of possible package names, threat actors can detect organizations' scoped private packages and then masquerade public packages, tricking employees and users into downloading them," ...