Malicious Rust packages on Crates.io steal crypto wallet keys

Two malicious packages with nearly 8,500 downloads in Rust's official crate repository scanned developers' systems to steal ...

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...
InfoWorldOpinion

NPM attacks and the security of software supply chains

Process improvements and a closer look at funding streams will provide far more protection for the open source software we ...
InfoWorld

Open source registries signal shift toward paid models as AI strains infrastructure

The foundations said in their blog post that automated CI systems, large-scale dependency scanners, and ephemeral container ...
Krebs on Security

Self-Replicating Worm Hits 180+ Software Packages

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...
TechJuice

NCERT Warns of Trojanized AppSuite PDF Editor That Spreads Malware Globally

Security experts warn of an AppSuite malware, TamperedChef, a trojanized PDF editor stealing data and deploying ransomware.
Infosecurity Magazine

Malicious AI Agent Server Reportedly Steals Emails

The security researchers who discovered the malicious npm package called it the “first malicious MCP in the wild” ...

5 ways to spot software supply chain attacks and stop worms - before it's too late

A Dune-inspired worm recently hit CrowdStrike and npm, infecting hundreds of packages. Here's what happened - and how to protect your code.

Self-propagating supply chain attack hits 187 npm packages

Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...

How GitHub Is Securing the Software Supply Chain

In light of recent cyberattacks and growing security concerns, GitHub is taking immediate and direct action to secure the ...
WeLiveSecurity

DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception

ESET researchers reveal how malware operators collaborate with covert North Korean IT workers, posing a threat to both headhunters and job seekers.
GovInfoSecurity

Phishing Campaign Lobs Malicious SVG Attachments at Ukraine

A fake police alert is the social engineering cornerstone of an ongoing phishing campaign targeting Ukrainian government ...