Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

5 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 5 most recent headlines Filtered view

As many as 145 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from Endor Labs, JFrog, OX Security, SafeDep, Socket, StepSecurity, and Synk

Latest Mini Shai-Hulud Worm Steals Credentials, Includes Wiper, Now Open SourceA new Shai-Hulud variant has infected multiple npm repositories and jumped to other widely used JavaScript and Python packages. Designed to rapidly propagate, the worm steals over 100 different types of credentials and can wipe systems, including if developers try to delete it.

67 Malicious Packages, XORIndex Loader Target JavaScript Code-Sharing PlatformNorth Korean threat actors escalated their software supply chain attacks by uploading 67 new malicious packages to the npm Registry as part of the ongoing Contagious Interview campaign. The malware targets open-source JavaScript developers with malware loaders.

Bank Info Security 2 years, 3 months ago

After XZ Utils, More Open-Source Maintainers Under Attack

Fresh Social Engineering Attacks Resemble Tactics Used Against XZ Utils MaintainerMajor open-source software projects are warning that more pieces of code than XZ Utils may have been backdoored by attackers, based on ongoing supply-chain attack attempts that have targeted "popular JavaScript projects," apparently seeking to trick them into sharing code maintainer rights.