JavaScript - Security Ticks

Package hallucination: LLMs may deliver malicious code to careless devs

Artificial Intelligence, Don't miss, Hot stuff, JavaScript, LLMs, Malware, News, programming, Python, software development / SecurityTicks

Package hallucination: LLMs may deliver malicious code to careless devs 2025-04-14 at 15:46 By Zeljka Zorz LLMs’ tendency to “hallucinate” code packages that don’t exist could become the basis for a new type of supply chain attack dubbed “slopsquatting” (courtesy of Seth Larson, Security Developer-in-Residence at the Python Software Foundation). A known occurrence Many software […]

React to this headline:

Package hallucination: LLMs may deliver malicious code to careless devs Read More »

PRevent: Open-source tool to detect malicious code in pull requests

Apiiro, code analysis, Don't miss, GitHub, Hot stuff, Java, JavaScript, Kotlin, News, open source, PHP, programming, Python, Ruby, software development, threat detection / SecurityTicks

PRevent: Open-source tool to detect malicious code in pull requests 2025-02-20 at 16:52 By Zeljka Zorz Apiiro security researchers have released open source tools that can help organizations detect malicious code as part of their software development lifecycle: PRevent (a scanner for pull requests), and a malicious code detection ruleset for Semgrep and Opengrep static

React to this headline:

PRevent: Open-source tool to detect malicious code in pull requests Read More »

Solana’s popular web3.js library backdoored in supply chain compromise

account hijacking, Cryptocurrency, cybercrime, Don't miss, Hot stuff, JavaScript, News, supply chain compromise, wall / SecurityTicks

Solana’s popular web3.js library backdoored in supply chain compromise 2024-12-04 at 18:03 By Zeljka Zorz A software supply chain attack has lead to the publication of malicious versions of Solana’s web3.js library on the npm registry. Just like the recent Lottie Player supply chain compromise, this attack was reportedly made possible due to compromised (phished)

React to this headline:

Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups

Cryptocurrency, cybercrime, Don't miss, Hot stuff, JavaScript, News, supply chain compromise / SecurityTicks

Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups 2024-10-31 at 14:38 By Zeljka Zorz A supply chain compromise involving Lottie Player, a widely used web component for playing site and app animations, has made popular decentralized finance apps show pop-ups urging users to connect their wallets, TradingView has reported. The pop-up (Source:

React to this headline:

Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups Read More »