Hackers Post Dozens of Malicious Copycat Repos to GitHub www.darkreading.com/threat-in…

As package registries find better ways to combat cyberattacks, threat actors are finding other methods for spreading their malware to developers.

Typosquatting, dependency confusion, and other types of cyberattacks precipitated through malicious packages are old and common tricks seen constantly on platforms like npm and the Python Package Index (PyPI). According to ReversingLabs, cases have actually been declining precipitously. At the same time, though, threat actors are finding new paths for performing similar kinds of attacks.
