|
|
|
|
|
|
by Phelinofist
42 days ago
|
|
|
> since a malicious npm package already installed can get its payloads from a C2 server, it doesn't need an npm update In general I agree, but I think these two vulns are 0day-y and pretty much every major distro is affected AFAIU, so there is perhaps slightly more potential than usual |
|
|