packages
-
Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub
Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encrypted SSH keys…
Read More » -
Npm Trojan Bypasses UAC, Installs AnyDesk with “Oscompatible” Package
A malicious package uploaded to the npm registry has been found deploying a sophisticated remote access trojan on compromised Windows…
Read More » -
Threat Actors Increasingly Abusing GitHub for Malicious Purposes
The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to host…
Read More » -
Three Ways To Supercharge Your Software Supply Chain Security
Section four of the “Executive Order on Improving the Nation’s Cybersecurity” introduced a lot of people in tech to the…
Read More » -
Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners
Three new malicious packages have been discovered in the Python Package Index (PyPI) open-source repository with capabilities to deploy a…
Read More » -
Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks
Microsoft on Thursday said it’s once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat…
Read More » -
Hackers Abusing GitHub to Evade Detection and Control Compromised Hosts
Threat actors are increasingly making use of GitHub for malicious purposes through novel methods, including abusing secret Gists and issuing…
Read More » -
15,000 Go Module Repositories on GitHub Vulnerable to Repojacking Attack
New research has found that over 15,000 Go module repositories on GitHub are vulnerable to an attack called repojacking. “More…
Read More »