Hackers Use Malicious NPM packages to Target Amazon, Slack with New Dependency Attacks
Threat actors are targeting Amazon, Zillow, Lyft, and Slack NodeJS apps using a new ‘Dependency Confusion’ vulnerability to steal Linux/Unix password files and open reverse shells back to the attackers.
