News

CSO Online3d
Supply chain attack compromises npm packages to spread backdoor malware
In a newly discovered supply chain attack, attackers last week targeted a range of npm-hosted JavaScript type testing ...
Supply-chain attacks on open source software are getting out of hand
It has been a busy week for supply-chain attacks targeting open source software available in public repositories, with ...
The Hacker News6d
3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics
Further dissection has determined that over 3,500 websites have been ensnared in the sprawling illicit crypto mining effort, with the domain hosting the JavaScript miner also linked to Magecart credit ...
CSO Online4d
Prettier-ESLint npm packages hijacked in a sophisticated supply chain attack
DLL-based malware targets Windows users after a phishing campaign tricked the maintainer into leaking a token.
The Register on MSN2d
Not pretty, not Windows-only: npm phishing attack laces popular packages with malware
The "is" package was infected with cross-platform malware after a scam targeting maintainers The popular npm package "is" was ...