News

The Hacker News1d
PyPI, npm, and AI Tools Exploited in Malware Surge Targeting DevOps and Cloud Environments
Malware-laced PyPI and npm packages steal developer credentials, CI/CD data, and crypto wallets. Attacks target macOS, AI ...
Malware found in NPM packages with 1 million weekly downloads
A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were ...
GovInfoSecurity10h
Malicious PyPI Package Targets Developer Credentials
Multi-stage malware embedded in a Python package is stealing sensitive cloud infrastructure data, JFrog researchers said ...
CSO Online18h
Malicious PyPI package targets Chimera users to steal AWS tokens, CI/CD secrets
Chimera-sandbox-extensions” exploit highlights rising risks of open-source package abuse, prompting calls for stricter ...
The Hacker News8d
New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally
Supply chain attack infects 16 GlueStack npm packages used by 1M weekly users, enabling malware that steals data and controls ...
Misspelled a site's name? Cybercriminals are exploiting this to infect your computer with malware - here's how to stay safe
A single typo could let hackers hijack your system using malware hidden in fake packages Cross-platform malware now fools ...
Malicious RubyGems pose as Fastlane to steal Telegram API data
Two malicious RubyGems packages posing as popular Fastlane CI/CD plugins redirect Telegram API requests to ...
TechRadar23d
NPM users warned dozens of malicious packages aim to steal host and network data
Cybersecurity researchers Socket have warned of multiple malicious packages hosted on NPM, stealing sensitive user data and relaying it to the attackers. In a blog post, Socket said it identified ...
TMCnet8d
Anaconda Partners with Databricks to Bridge Security and Governance Gaps in Enterprise AI Development
Today's enterprises invest millions in AI adoption, but they still struggle to deploy successfully due to three critical challenges: dependency blindspots creating a productivity imperative, crippling ...
What is a supply chain attack in crypto and how to prevent it?
Discover how supply chain attacks target crypto projects through third-party tools, and learn key strategies to protect code, infrastructure and users.