packages
-
Malicious NPM Packages Target Roblox Users with Data-Stealing Malware
A new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users…
-
Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages
An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to…
-
BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers
Three malicious packages published to the npm registry in September 2024 have been found to contain a known malware called…
-
Researchers Reveal ‘Deceptive Delight’ Method to Jailbreak AI Models
Cybersecurity researchers have shed light on a new adversarial technique that could be used to jailbreak large language models (LLMs)…
-
Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems
Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet,…
-
Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications
A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited,…
-
PyPI Repository Found Hosting Fake Crypto Wallet Recovery Tools That Steal User Data
A new set of malicious packages has been unearthed in the Python Package Index (PyPI) repository that masqueraded as cryptocurrency…
-
Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA
Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this, as: 147,000 token…
-
New PondRAT Malware Hidden in Python Packages Targets Software Developers
Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a…