Researchers detected a malicious update to the popular npm package rand-user-agent, used for generating randomized user-agent strings. The attacker published multiple unauthorized versions (1.0.110, 2.0.83, 2.0.84) containing heavily obfuscated code designed to covertly instal...

Researchers detected a malicious update to the popular npm package rand-user-agent, used for generating randomized user-agent strings. The attacker published multiple unauthorized versions (1.0.110, 2.0.83, 2.0.84) containing heavily obfuscated code designed to covertly instal...

Source: Wiz
Source Link: https://threats.wiz.io/all-incidents/supply-chain-compromise-of-