Hoo e ka bang beke e 'ngoe le e 'ngoe, litsamaiso tsa rona tsa ho lemoha malware li hlahloba liphutheloana tse likete tse ncha le tse ntlafalitsoeng ho pholletsa le li-registry tsa sechaba joalo ka npm le PyPI. Beke ena e ne e le mokhelo.
Re netefalitse liphutheloana tse fetang 130 tse kotsi pakeng tsa la 7 Phuptjane le la 12 Phuptjane, 2026, haholo-holo ho pholletsa le npm, ka linyeoe tse ling ho PyPI. Tse 'maloa li hlahile ka lihlopha tse kopanetsoeng, litokollo tse mpe tse phetoang khafetsa tse hatisitsoeng tlas'a mabitso a tšoanang kapa malapeng a liphutheloana tse amanang haufi-ufi.
Nyeoe e ikhethang bekeng ena e ne e le sensivity, e ileng ea tlala npm ka liphetolelo tse fetang 40 tse lokollotsoeng ho pholletsa le mefuta ea 2.5.x, e tiisitsoeng ka matsatsi a mangata. Lihlopha tse ling tse hlahelletseng li ne li kenyelletsa leqhubu la @solana-labs Li-typosquat tse shebaneng le tikoloho ea Solana (web3.js, web3-js, etherjs, spl-toke, ancor, web3js - ho pholletsa le matšolo a mabeli a arohaneng a phatlalatso ka la 7 Phuptjane le la 8 Phuptjane), @nstrlabs lelapa (sdk, ixel, utils, shared-components, api-client, auth - tlhaselo ea pherekano ea ho itšetleha khahlanong le sebaka sa lebitso sa sephutheloana sa ka hare), e @klapp-login-platform sehlopha (native-sdk, oidc, litsela — ho etsisa sethala sa netefatso), internallib_v557 'me internallib_v984 (mefuta e mengata ea baikhakanyi ba ka hare ba laeborari ba patiloeng), pocteszep (Mefuta e 6 e phatlalalitsoe ka la 11 Phuptjane), le sehlopha sa lits'ebeletso tsa crypto le Web3 ho kenyeletsoa blockchain-helper-0, ethereum-kit-1, ethereum-kit-9, crypto-utils-7, wallet-sdk-9, defi-tools-39, swap-sdk-87, 'me farming-tools-12. The morningstar-design-system sephutheloana se hlahile ka mefuta e meraro ka la 10 Phuptjane, se etsisa sistimi e tsebahalang ea moralo oa lichelete. Ho PyPI, helixagentai, telegramlite, 'me cdjeez li tiisitsoe beke kaofela.
Tsena e ne e se lintho tse sa tloaelehang tse ikhethileng. Se ileng sa hlahella bekeng ena e ne e le pokello ea litlhaselo tsa pherekano ea ho itšetleha ka batho ba bang khahlanong le libaka tsa mabitso tsa ka hare tsa liphutheloana, khatiso e tsoelang pele ea matsatsi a mangata ea sensivity sehlopha, le ho tswela pele ho shebana le Web3 le Solana tooling, e leng mohlala o potlakileng haholo ka 2026.
Setšoantšo sena sa beke le beke ke karolo ea Malicious Code Digest ea rona e tsoelang pele, moo re netefatsang litšokelo tse ncha le ho fana ka bohlale bo sebetsang ho thusa lihlopha tsa DevSecOps ho sireletsa tsa tsona. pipelinepele tshenyo e etsahala.
A re hlaloseng seo re se fumaneng bekeng ena le hore na ke hobane'ng ha se le bohlokoa.
Se ke oa Lumella Liphutheloana tse Kotsi ho Finyella Tlhahiso
Liphutheloana tseo lihlopha tsa hau li itšetlehileng ka tsona li ntse li sebelisoa haholoanyane e le sebaka sa ho kena. Tlhahlobo ea Malware ea Xygeni Pele e beha leihlo li-registry ka nako ea sebele, kahoo litšokelo tse kang tse ho shebiloeng bekeng ena lia thibeloa pele li fihla mehahong ea hau.
Liphihlelo tsa beke ena ke khopotso ea hore maqiti a ntse a etsoa ka boomo haholoanyane. Ho tlala ha liphetolelo, ho etsisa sebaka sa mabitso, le matšolo a hlophisitsoeng a matsatsi a mangata ha se linyeoe tse ka bang kotsi, ke tsona tse standard Buka ea ho bapala ea bahlaseli. Ho hlahloba hanngoe le ho hlahloba ka letsoho ha ho khone ho tsamaisana le matšolo a phatlalatsang mefuta e mengata matsatsing a mangata le lirejistring ka nako e le 'ngoe.
Xygeni's Open Source Security Tharollo e fa lihlopha tsa hau tsa DevSecOps ponahalo e tsoelang pele ho pholletsa le npm, PyPI, le ho feta moo, ho lemoha liphutheloana tse kotsi nakong ea phatlalatso, ho beha pele se bakang kotsi ea 'nete e ka sebelisoang, le ho khutsufatsa tsela ho tloha ho fumanoeng ho ea tokisong. Kahoo lihlopha tsa hau li ka romela ka potlako ntle le ho beha kotsing ts'ireletsong.




