This alert may not be shared outside your organization. Do not repost or send it, place it on other websites or list servers, or send it to others via email, including other associations or parties. Members and law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.



Cyber Attack Due to Malicious Open-source Package

Security Boulevard


Open-source tools and packages are an essential part of the modern software development ecosystem. They are widely used by developers to speed up the development process and reduce the amount of work required to build complex systems. However, this convenience comes at a cost. Open-source packages can be compromised by attackers to deliver malicious software and infect websites and organization networks. In this blog, we will explore the potential risks of using open-source packages and the ways to prevent them.

What is an open-source package?

An open-source package is a piece of software that is freely available for anyone to use, modify, and distribute. These packages can be found in repositories like npm, Maven, or PyPI and are an integral part of modern software development. They are built by developers worldwide and often serve as building blocks for larger projects.




