Indo Guard Online
LottieFiles Issues Warning about hacked npm package “lottie-player”

By Admin, October 31, 2024

October 31, 2024 | Ravi Lakshmanan | Cryptocurrency / Software Development


LottieFiles discovered that its npm package ‘lottie-player’ had been compromised in a supply chain attack, prompting it to release an updated version of the library.

“Oct 30 ~18:20 UTC – LottieFiles has been notified that our popular open source npm web player package @lottiefiles/lottie-player contains unauthorized new versions with malicious code,” the company said in a statement on X. “This does not affect our dotlottie player and/or SaaS service.”

LottieFiles is an animation workflow platform that allows designers to create, edit, and share animations in a JSON-based animation file format called Lottie. It is also the developer of an npm package called lottie-player, which allows Lottie animations to be embedded and played on websites.


According to the company, “a large number of users using the library via third-party CDNs without a patched version were automatically served the compromised version as the latest release.”

The malicious versions of the package contained code that prompted users to connect their cryptocurrency wallets, with the likely goal of draining their funds. Users on versions 2.0.5, 2.0.6 and 2.0.7 are advised to upgrade to 2.0.8.

“Versions 2.0.5, 2.0.6, 2.0.7 were published directly to https://npmjs.com within an hour using a compromised access token from a developer with the necessary privileges,” LottieFiles noted.

In addition to the patch release, the three rogue versions were unpublished from the npm package repository. LottieFiles said it has also activated its incident response plan and brought in an external incident response team to assist in the investigation.
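A way to check pages for the exposure described above, as an added example that is not from LottieFiles or the original article: it scans `<script>` tags for `@lottiefiles/lottie-player` and flags URLs that float to the latest release or name versions 2.0.5 to 2.0.7. The `cdn.example` host, the sample HTML and the function names are constructed, and it assumes the CDN resolves a missing version or a `latest` tag to the newest publish.

```javascript
// Added example: audit <script> URLs that load @lottiefiles/lottie-player from a CDN.
// The version list comes from the advisory text; everything else is constructed.
const COMPROMISED = new Set(["2.0.5", "2.0.6", "2.0.7"]);
const PKG = "@lottiefiles/lottie-player";

// Classify the version spec that follows the package name in a CDN URL.
function classifySpec(spec) {
  if (!spec || spec === "latest") return "floating";     // newest publish is served
  if (!/^\d+\.\d+\.\d+$/.test(spec)) return "floating";  // ranges such as 2, 2.0, ^2.0.0
  return COMPROMISED.has(spec) ? "compromised" : "pinned";
}

// Return one finding per <script> tag that references the package.
function auditHtml(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const src = (tag.match(/\ssrc\s*=\s*["']([^"']+)["']/i) || [])[1];
    if (!src || !src.includes(PKG)) continue;
    const rest = src.slice(src.indexOf(PKG) + PKG.length); // e.g. "@2.0.8/dist/x.js"
    if (rest && !/^[@/]/.test(rest)) continue;             // a different package name
    const spec = rest.startsWith("@") ? rest.slice(1).split("/")[0] : "";
    // Subresource Integrity stops the browser running a file whose hash changed.
    const hasSri = /\sintegrity\s*=\s*["']sha(256|384|512)-/i.test(tag);
    findings.push({ src, spec: spec || "(none)", status: classifySpec(spec), hasSri });
  }
  return findings;
}

// Anything not pinned to an exact, unaffected version with SRI needs attention.
function needsAction(findings) {
  return findings.filter((f) => f.status !== "pinned" || !f.hasSri);
}

// Constructed sample page (not taken from any real site).
const SAMPLE_HTML = `
<script src="https://cdn.example/npm/@lottiefiles/lottie-player/dist/lottie-player.js"></script>
<script src="https://cdn.example/npm/@lottiefiles/lottie-player@latest/dist/lottie-player.js"></script>
<script src="https://cdn.example/npm/@lottiefiles/lottie-player@2.0.6/dist/lottie-player.js"></script>
<script src="https://cdn.example/npm/@lottiefiles/lottie-player@2.0.8/dist/lottie-player.js"
        integrity="sha384-CONSTRUCTED_PLACEHOLDER" crossorigin="anonymous"></script>
<script src="/static/app.js"></script>`;

for (const f of auditHtml(SAMPLE_HTML)) {
  console.log(`${f.status.padEnd(11)} sri=${f.hasSri} spec=${f.spec} ${f.src}`);
}
```

A `floating` result means the page would have received whichever version was newest at load time, including the three rogue releases while they were published.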
