Npm Supply Chain Malware Attack Targets Developers With Worm-Like Propagation
Malicious npm packages spread via worm-like propagation and steal developer credentials
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Malicious npm packages spread via worm-like propagation and steal developer credentials
TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ and Vect ransomware gangs
Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware
Python package LiteLLM compromised with credential-stealing malware linked to TeamPCP threat group
While ‘traditional’ ransomware attacks remain stable, some gangs are shifting towards exploiting zero-days and supply chains to go straight to stealing data
A software supply chain attack targeting Nx marks the first known case where attackers have leveraged developer AI assistants, according to StepSecurity
A new supply chain attack targets Ethereum tools, exploiting npm packages to steal sensitive data
Proofpoint researchers have found that small and medium-sized businesses are increasingly being targeted by APT actors globally