Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain
Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open source TanStack ecosystem.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open source TanStack ecosystem.
A threat actor used the open source security tool to deploy an infostealer into CI/CD workflows and steal cloud credentials, SSH keys, tokens, and other sensitive secrets.
The newly emerged worm has spread across hundreds of open source software packages, stealing credentials and infecting other components without much direct attacker input.
Data exfiltration was the most common malware in Sonatype report, with more than 4,400 packages designed to steal secrets, personally identifiable information, credentials, and API tokens.
Based on the open source NGINX Web server, the malicious tool allows threat actors to steal user credentials and session tokens.
The open technology tackles disinformation by verifying whether the image is real or has been modified. The standard, created to document the provenance of photos and other media, has gained steam in the past year, surpassing 500 corporate members and releasing open-source tools for developers.
The campaign is laser-targeted, bucking the trend of "spray-and-pray" malicious open source packages turning up in code repositories seemingly every other day.
In separate targeted incidents, threat actors tried to upload malware into the Node Package Manager registry to gain access and steal credentials.