Multiple Security Flaws Discovered in Popular Software Package Managers
Mar 11, 2022
Multiple security vulnerabilities have been disclosed in popular package managers that, if successfully exploited, could be abused to run arbitrary code and access sensitive information, including source code and access tokens, from compromised machines.

It's worth noting, however, that the flaws require the targeted developers to handle a malicious package in conjunction with one of the affected package managers.

"This means that an attack cannot be launched directly against a developer machine from remote and requires that the developer is tricked into loading malformed files," SonarSource researcher Paul Gerste said. "But can you always know and trust the owners of all packages that you use from the internet or company-internal repositories?"

Package managers refer to systems or sets of tools that are used to automate installing, upgrading, and configuring the third-party dependencies required for developing applications. While there are inherent security ...