AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code
The AppsFlyer Web SDK was temporarily hijacked this week with malicious code used to steal cryptocurrency in a supply-chain attack. [...]
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
The AppsFlyer Web SDK was temporarily hijacked this week with malicious code used to steal cryptocurrency in a supply-chain attack. [...]
Unidentified threat actors have been observed targeting publicly exposed Microsoft Exchange servers to inject malicious code into the login pages that harvest their credentials
North Korea's Lazarus Deploys Malicious NPM Packages to Steal DataNorth Korea's Lazarus Group expanded a malicious campaign of uploading malicious code to the JavaScript runtime environment npm repository, publishing 11 packages embedded with Trojan loaders. Researchers identified 11 malicious packages in the repository, a hotspot for supply chain attacks.
The legitimate Solana JavaScript SDK was temporarily compromised yesterday in a supply chain attack, with the library backdoored with malicious code to steal cryptocurrency private keys and drain wallets. [...]
Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and later adding malicious code to steal sensitive data and mine cryptocurrency on infected systems
NPM repo hijacked after former worker phished Cryptocurrency wallet maker Ledger says someone slipped malicious code into one of its JavaScript libraries to steal more than half a million dollars from victims.…
A new malicious campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an aim to steal passwords from developers
A widespread software supply chain attack has targeted the NPM package manager at least since December 2021 with rogue modules designed to steal data entered in forms by users on websites that include them