Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems
Apr 19, 2025 | Ravie Lakshmanan | Linux / Malware | Cybersecurity researchers have uncovered three malicious…
Open-Source AI Strikes Back With Meta’s Llama 4
In the past few years, the AI world has shifted from a…
Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data
Apr 05, 2025 | Ravie Lakshmanan | Malware / Supply Chain Attack | Cybersecurity researchers have uncovered…
Have We Reached a Distroless Tipping Point?
There's a virtuous cycle in technology that pushes the boundaries of what's…
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
Apr 04, 2025 | Ravie Lakshmanan | Vulnerability / Open Source | The cascading supply chain attack…
Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts
Mar 28, 2025 | Ravie Lakshmanan | Cryptocurrency / Developer Security | Cybersecurity researchers have discovered several…
Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories’ CI/CD Secrets Exposed
The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a…
North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps
The North Korea-linked threat actor known as ScarCruft is said to have…
Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk
Mar 13, 2025 | Ravie Lakshmanan | Open Source / Vulnerability | Meta has warned that a…