Malicious package previously removed are still accessible through jsdelivr and results in phishing attack Highlights: CloudGuard Spectral detected a malicious package on NPM that applied a phishing attack to gain its user’s credentials To do so, the package relied on a file from a malicious package, already detected and removed from NPM, which was still available through a popular NPM CDN service – ‘jsdelivr’ Once detected, we’ve alerted NPM and jsdelivr of the malicious package and the malicious flow NPM and jsdelivr NPM, short for Node Package Manager, is a widely used package manager for the JavaScript programming language, the […]
The post CDN Service Exposes Users to Malicious Packages for Phishing Attacks Invisible to Security Tools appeared first on Check Point Blog.
Read the original article: