Threat actors phished Qix’s NPM account, then used their access to publish poisoned versions of 18 popular open-source packages accounting for more than 2 billion weekly downloads.
The original article found on darkreading Read More
Socket’s Threat Research Team has uncovered a deceptive Go module named golang-random-ip-ssh-bruteforce, which masquerades as an efficient SSH brute-forcing tool but secretly exfiltrates stolen credentials […]
Malware operators aligned with North Korea have forged a sophisticated partnership with covert IT workers to target corporate organizations worldwide. This collaboration, detailed in a […]
A massive supply chain attack compromised 18 highly popular npm packages, which collectively received two billion weekly downloads, deploying sophisticated browser-based malware designed to steal […]