Latest typosquatting news


CORS for concern

Tesla tackles misconfigurations that left internal networks vulnerable (05 January 2023)

All Day DevOps

Third of Log4j downloads still pull vulnerable version despite growing awareness of supply chain attacks (14 November 2022)

‘We’re still fighting last decade’s battle’

Sonatype CTO Brian Fox on the struggle to secure the neglected software supply chain (22 July 2022)

Poisoned packages

NPM developer reputations could be leveraged to legitimize malicious software (03 May 2022)

African banking sector targeted by malware campaign

Attackers use HTML smuggling techniques to hide malicious files in fake job opportunities (13 April 2022)

PyPI admins remove malicious packages after 10k downloads

Two packages lay undiscovered for 10 months (14 December 2021)

UA-Parser-JS

NPM package poisoned with password-stealing malware (25 October 2021)

Coronavirus scams

Snake oil Covid-19 treatment sites seized by US authorities (20 July 2021)

NIST charts course towards more secure supply chains for government software

Preliminary ideas emerge for more effective, ecosystem-wide standards and guidelines (18 June 2021)

Dependency confusion profusion

Open source software repositories play ‘whack-a-mole’ as copycats exceed 5,000 (05 March 2021)

Suspicious finds

Golang typosquatting package relays system information to China (01 March 2021)

Dependency confusion

Novel supply chain attack detected in the wild just days after disclosure (19 February 2021)

O365 Squatting

Tool finds malicious domains before they’re used in phishing campaigns (11 December 2020)

Malicious NPM packages broadcast sensitive user data

New research shows how typosquatting doesn’t just apply to web domains (06 October 2020)

Fowl play

Avoid being stuffed by cybercriminals this Thanksgiving (27 November 2019)

Domain squatting malfeasance ratchets up ahead of US presidential election

Typo traps promote rival candidates (16 October 2019)

Six arrested in connection with $27m typosquatting scam

Fake crypto-exchange site thought to have claimed 4,000 victims (26 June 2019)

Dark web typosquatters raking in a fortune

Tor users are being duped by doppelgänger domains (26 March 2019)