SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
Apr 04, 2025 | Ravie Lakshmanan | Vulnerability / Open Source | The cascading supply chain attack…
Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories’ CI/CD Secrets Exposed
The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a…
Microsoft Warns of Malvertising Campaign Infecting Over 1 Million Devices Worldwide
Mar 07, 2025 | Ravie Lakshmanan | Malvertising / Open Source | Microsoft has disclosed details of…
Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks
Feb 14, 2025 | Ravie Lakshmanan | Browser Security / Cryptocurrency | The North Korean threat actor…
Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access
Feb 04, 2025 | Ravie Lakshmanan | Vulnerability / Threat Intelligence | Cybersecurity researchers have called attention…
Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware
A Russian-speaking cybercrime gang known as Crazy Evil has been linked to…
GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs
Jan 27, 2025 | Ravie Lakshmanan | Vulnerability / Software Security | Multiple security vulnerabilities have been…
Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT
Cybersecurity researchers have discovered a malicious package on the npm package registry…
Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack
Dec 20, 2024 | Ravie Lakshmanan | Malware / Supply Chain Attack | The developers of Rspack…