packages
-
Malicious npm Packages Found Exfiltrating Sensitive Data from Developers
Cybersecurity researchers have discovered a new bunch of malicious packages on the npm package registry that are designed to exfiltrate…
Read More » -
North Korean Nation-State Actors Exposed in JumpCloud Hack After OPSEC Blunder
North Korean nation-state actors affiliated with the Reconnaissance General Bureau (RGB) have been attributed to the JumpCloud hack following an…
Read More » -
Banking Sector Targeted in Open-Source Software Supply Chain Attacks
Cybersecurity researchers said they have discovered what they say is the first open-source software supply chain attacks specifically targeting the…
Read More » -
North Korean State-Sponsored Hackers Suspected in JumpCloud Supply Chain Attack
An analysis of the indicators of compromise (IoCs) associated with the JumpCloud hack has uncovered evidence pointing to the involvement…
Read More » -
Chinese APT41 Hackers Target Mobile Devices with New WyrmSpy and DragonEgg Spyware
The prolific China-linked nation-state actor known as APT41 has been linked to two previously undocumented strains of Android spyware called…
Read More » -
Hackers Exploit WebAPK to Deceive Android Users into Installing Malicious Apps
Threat actors are taking advantage of Android’s WebAPK technology to trick unsuspecting users into installing malicious web apps on Android…
Read More » -
JumpCloud Resets API Keys Amid Ongoing Cybersecurity Incident
JumpCloud, a provider of cloud-based identity and access management solutions, has swiftly reacted to an ongoing cybersecurity incident that impacted…
Read More » -
Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware
The npm registry for the Node.js JavaScript runtime environment is susceptible to what’s called a manifest confusion attack that could…
Read More » -
Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data
A previously undocumented Windows-based information stealer called ThirdEye has been discovered in the wild with capabilities to harvest sensitive data…
Read More » -
Critical SQL Injection Flaws Expose Gentoo Soko to Remote Code Execution
Multiple SQL injection vulnerabilities have been disclosed in Gentoo Soko that could lead to remote code execution (RCE) on vulnerable…
Read More »