Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts
Mar 28, 2025 | Ravie Lakshmanan | Cryptocurrency / Developer Security | Cybersecurity researchers have discovered several…
Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories’ CI/CD Secrets Exposed
The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a…
North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps
The North Korea-linked threat actor known as ScarCruft is said to have…
Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk
Mar 13, 2025 | Ravie Lakshmanan | Open Source / Vulnerability | Meta has warned that a…
New OpenSSH flaws expose SSH servers to MiTM and DoS attacks
OpenSSH has released security updates addressing two vulnerabilities, a man-in-the-middle (MitM) and…
Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection
Feb 08, 2025 | Ravie Lakshmanan | Artificial Intelligence / Supply Chain Security | Cybersecurity researchers have…
PyPI Introduces Archival Status to Alert Users About Unmaintained Python Packages
Feb 03, 2025 | Ravie Lakshmanan | Open Source / Software Security | The maintainers of the…
Allen AI’s Tülu 3 Just Became DeepSeek’s Unexpected Rival
The headlines keep coming. DeepSeek's models have been challenging benchmarks, setting new…
Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution
Jan 04, 2025 | Ravie Lakshmanan | Vulnerability / Software Security | A high-severity security flaw has…