Phantse qho ngeveki, iinkqubo zethu zokufumanisa ii-malware ziskena amawaka eepakethe ezintsha nezihlaziyiweyo kuzo zonke iirejista zikarhulumente ezifana ne-npm kunye ne-PyPI. Kule veki bekungekho nto ingaqhelekanga.
Siqinisekisile iipakeji ezinobuthi ezingaphezu kwe-130 phakathi kwe-7 kaJuni kunye ne-12 kaJuni 2026, ikakhulu kwi-npm, kunye nezinye iimeko kwi-PyPI. Ezininzi zivele kwiiqela ezidibeneyo, ukukhutshwa okuphindaphindiweyo kobuthi okupapashwe phantsi kwamagama afanayo okanye kwiintsapho zeepakeji ezinxulumeneyo.
Ityala elibalaseleyo kule veki beli sensivity, eyazalisa i-npm ngeenguqulelo ezingaphezu kwama-40 ezikhutshiweyo kuluhlu lwe-2.5.x, eziqinisekisiweyo kwiintsuku ezininzi. Amanye amaqela aphawulekayo aquka igagasi le @solana-labs ii-typosquats ezijolise kwi-ecosystem yeSolana (i-web3.js, i-web3-js, i-etherjs, i-spl-toke, i-ancor, i-web3js — kwiiphulo ezimbini ezahlukeneyo zokupapasha ngoJuni 7 nangoJuni 8), @nstrlabs usapho (sdk, ixel, utils, shared-components, api-client, auth - uhlaselo lokudideka kokuxhomekeka ngokuchasene nesithuba sephakheji yangaphakathi), i @klapp-login-platform group (native-sdk, oidc, routes — ezenza iqonga lokuqinisekisa), internallib_v557 kwaye internallib_v984 (iinguqulelo ezininzi zabakhohlisi bangaphakathi bethala leencwadi abangaqondakaliyo), pocteszep (Iinguqulelo ezi-6 ezipapashwe ngoJuni 11), kunye neqela leenkonzo ze-crypto kunye ne-Web3 kuquka blockchain-helper-0, ethereum-kit-1, ethereum-kit-9, crypto-utils-7, wallet-sdk-9, defi-tools-39, swap-sdk-87, yaye farming-tools-12. The morningstar-design-system iphakheji ivele kwiinguqulelo ezintathu ngoJuni 10, izenza inkqubo yoyilo lwezemali eyaziwayo. KwiPyPI, helixagentai, telegramlite, yaye cdjeez ziqinisekisiwe kulo lonke iveki.
Ezi yayingezizo izinto ezingaqhelekanga ezizodwa. Okuphawulekayo kule veki yayikukuxinana kohlaselo lokudideka kokuxhomekeka kwiindawo zamagama zephakheji zangaphakathi, ukupapashwa kweentsuku ezininzi okuqhubekayo kwe- sensivity iqela, kunye nokujoliswa okuqhubekayo kwezixhobo zeWeb3 kunye neSolana, ipateni ekhawulezileyo kakhulu ngo-2026.
Le vidiyo yeveki iyinxalenye yeMalicious Code Digest yethu eqhubekayo, apho siqinisekisa khona izisongelo ezintsha kwaye sinike ulwazi olusebenzayo ukunceda amaqela eDevSecOps akhusele pipelinengaphambi kokuba kwenzeke umonakalo.
Masichaze oko sikufumeneyo kule veki kunye nesizathu sokuba kubalulekile.
Musa Ukuvumela Iipakethe Ezinobungozi Zifikelele Kwimveliso
Iiphakheji amaqela akho axhomekeke kuzo ziya zisetyenziswa kakhulu njengendawo yokungena. Ukufunyanwa kweMalware yeXygeni kwangethuba Ijonga iirejista ngexesha langempela, ngoko ke izoyikiso ezifana nezo zikwingxelo yale veki ziyavalwa ngaphambi kokuba zifike kwizakhiwo zakho.
Iziphumo zale veki zisisikhumbuzo sokuba la maqhinga aya esenziwa nzulu ngakumbi. Ukukhukuliswa kwenguqulelo, ukulingisa indawo yamagama, kunye neephulo eziququzelelwayo zeentsuku ezininzi azisekho ziimeko ezinobungozi, zinjalo. standard Incwadi yokudlala yomhlaseli. Ukuskena kube kanye kunye nokuhlolwa ngesandla akunakuhambelana neephulo ezipapasha iinguqulelo ezininzi kwiintsuku ezininzi kunye neerejista ngaxeshanye.
IXygeni's Open Source Security Isisombululo sinika amaqela akho eDevSecOps ukubonakala okuqhubekayo kuyo yonke i-npm, iPyPI, nangaphezulu, efumanisa iipakeji eziyingozi ngexesha lokupapashwa, ebeka phambili oko kuzisa umngcipheko wokwenene onokusetyenziswa, kwaye efinyeza indlela ukusuka ekufumaneni ukuya ekulungiseni. Ukuze amaqela akho akwazi ukuthumela ngokukhawuleza ngaphandle kokubeka emngciphekweni ukhuseleko.




