⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More

2025-03-24 11:35
A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain sight. And over 300 Android apps joined the chaos, running ad
News URL
https://thehackernews.com/2025/03/thn-weekly-recap-github-supply-chain.html
Related news
- That massive GitHub supply chain attack? It all started with a stolen SpotBugs token
- Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack
- RVTools hit in supply chain attack to deliver Bumblebee malware
- New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner
- Who's calling? The threat of AI-powered vishing attacks
- AI-hallucinated code dependencies become new supply chain risk
- Developers Beware: Slopsquatting & Vibe Coding Can Increase Risk of AI-Powered Attacks
- Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader
- New Android malware steals your credit cards for NFC relay attacks
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery