packages

December 18, 2021

New Local Attack Vector Expands the Attack Surface of Log4j Vulnerability

Cybersecurity researchers have discovered an entirely new attack vector that enables adversaries to exploit the Log4Shell vulnerability on servers locally…
Read More »
December 15, 2021

Microsoft Issues Windows Update to Patch Zero-Day Used to Spread Emotet Malware

Microsoft has rolled out Patch Tuesday updates to address multiple security vulnerabilities in Windows and other software, including one actively…
Read More »
December 13, 2021

Apache Log4j Vulnerability — Log4Shell — Widely Under Active Attack

Threat actors are actively weaponizing unpatched servers affected by the newly identified “Log4Shell” vulnerability in Log4j to install cryptocurrency miners,…
Read More »
December 9, 2021

Over a Dozen Malicious NPM Packages Caught Hijacking Discord Servers

At least 17 malware-laced packages have been discovered on the NPM package Registry, adding to a recent barrage of malicious…
Read More »
November 19, 2021

11 Malicious PyPI Python Libraries Caught Stealing Discord Tokens and Installing Shells

Cybersecurity researchers have uncovered as many as 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times…
Read More »
November 10, 2021

Two NPM Packages With 22 Million Weekly Downloads Found Backdoored

In what’s yet another instance of supply chain attack targeting open-source software repositories, two popular NPM packages with cumulative weekly…
Read More »

New Local Attack Vector Expands the Attack Surface of Log4j Vulnerability

Microsoft Issues Windows Update to Patch Zero-Day Used to Spread Emotet Malware

Apache Log4j Vulnerability — Log4Shell — Widely Under Active Attack

Over a Dozen Malicious NPM Packages Caught Hijacking Discord Servers

11 Malicious PyPI Python Libraries Caught Stealing Discord Tokens and Installing Shells

Two NPM Packages With 22 Million Weekly Downloads Found Backdoored