Hijacked S3 buckets used in attacks on npm packages

Miscreants are using expired Amazon Web Services (AWS) S3 buckets to place malicious code into a legitimate package in the npm repository without having to tinker with any code. Software security firm Checkmarx said it began investigating after GitHub late last month posted an advisory about…

#amazonwebservices #github #guynachshon #rubygems #aws #nodejs #javascript #nodejsmodules #pypi #worried