packages
-
Researchers Hijack Popular NPM Package with Millions of Downloads
Supply Chain / Software Security A popular npm package with more than 3.5 million weekly downloads has been found vulnerable…
Read More » -
Hackers Using Google Ads to Spread FatalRAT Malware Disguised as Popular Apps
Ad Fraud / Malware Chinese-speaking individuals in Southeast and East Asia are the targets of a new rogue Google Ads…
Read More » -
Python Developers Beware: Clipper Malware Found in 450+ PyPI Packages!
Cryptocurrency / Software Security Malicious actors have published more than 451 unique Python packages on the official Python Package Index…
Read More » -
Enigma, Vector, and TgToxic: The New Threats to Cryptocurrency Users
Suspected Russian threat actors have been targeting Eastern European users in the crypto industry with fake job opportunities as bait…
Read More » -
Researchers Uncover Obfuscated Malicious Code in PyPI Python Packages
Supply Chain / Software Security Four different rogue packages in the Python Package Index (PyPI) have been found to carry…
Read More » -
NIST Standardizes Ascon Cryptographic Algorithm for IoT and Other Lightweight Devices
Encryption / IoT Security The U.S. National Institute of Standards and Technology (NIST) has announced that a family of authenticated…
Read More » -
New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products
Network Security / Vulnerability F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS)…
Read More » -
Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems
Jan 17, 2023Ravie LakshmananSoftware Security / Supply Chain A threat actor by the name Lolip0p has uploaded three rogue packages…
Read More » -
Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls
Jan 09, 2023Ravie LakshmananNetwork Security / Supply Chain In yet another campaign targeting the Python Package Index (PyPI) repository, six…
Read More » -
PyTorch Machine Learning Framework Compromised with Malicious Dependency
Jan 02, 2023Ravie LakshmananSupply Chain / Machine Learning The maintainers of the PyTorch package have warned users who have installed…
Read More »