Threats Tagged 'dependency confusion'
View all threats tagged with 'dependency confusion'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'dependency confusion'
Click on any threat for detailed analysis and mitigation recommendations
Malicious npm packages abuse dependency confusion to profile developer environments 0 Microsoft Threat Intelligence has identified an active supply chain attack involving malicious npm packages that exploit dependency confusion. These packages, published under aliases mimicking legitimate organizational namespaces, execute obfuscated reconnaissance payloads via npm lifecycle hooks to collect system information, environment variables, and developer credentials. The campaign targets Windows, macOS, and Linux platforms and includes CI/CD detection bypass features. While currently operating in reconnaissance-only mode, the architecture supports server-side toggling for potential full exploitation. The malicious packages connect to a common command-and-control server and deploy a JavaScript dropper for environment fingerprinting. Forensic evidence links all malicious accounts to a single operator. No known exploits in the wild have been reported, and no official patch or remediation guidance is currently available. Join the discussion | AlienVault OTX General | 05/30/2026, 06:07:03 UTC Added: 06/02/2026, 09:48:42 UTC |
Showing 1 to 1 of 1 result