Hundreds of code libraries posted to NPM try to install malware on dev machines

An ongoing attack is uploading hundreds of malicious packages to the open source node package manager (NPM) repository in an attempt to infect the devices of developers who rely on code libraries there, researchers said. The malicious packages have names that are similar to legitimate ones for the Puppeteer and Bignum.js code libraries and for various libraries for working with cryptocurrency. The campaign, which was active at the time this post was going live on Ars, was reported by researchers from the security firm Phylum. The discovery comes on the heels of a similar campaign a few weeks ago targeting developers using forks of the Ethers.js library.

https://arstechnica.com/security/2024/11/javascript-developers-targeted-by-hundreds-of-malicious-code-libraries/

RIP Leap Second: Time Fix to Be Scrapped by 2035

Though unnoticed by most people, the occasional one-second adjustment can cause problems for systems that require an exact, uninterrupted flow of time.

Reddit, for instance, was down for 40 minutes in 2012 when a leap second confused the company’s servers; four years later, Cloudflare’s DNS services were interrupted due to the minuscule time change.

https://www.pcmag.com/news/rip-leap-second-time-fix-to-be-scrapped-by-2035