Security News
A scary few Halloween hours for team behind hugely popular web plugin LottieFiles is overcoming something of a Halloween fright after battling to regain control of a compromised developer account...
The popular LottieFiles Lotti-Player project was compromised in a supply chain attack to inject a crypto drainer into websites that steals visitors' cryptocurrency. [...]
LottieFiles announced that specific versions of its npm package carry malicious code that prompts users to connect their cryptocurrency wallets so they can be emptied. [...]
Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply...
Israel’s brazen attacks on Hezbollah last week, in which hundreds of pagers and two-way radios exploded and killed at least 37 people, graphically illustrated a threat that cybersecurity experts...
Sting led to cuffing of alleged operator behind Ghost – an app for drug trafficking, money laundering, and violence-as-a-service Australia's Federal Police (AFP) yesterday arrested and charged a...
Threat actors are utilizing an attack called "Revival Hijack," where they register new PyPi projects using the names of previously deleted packages to conduct supply chain attacks. [...]
Cybersecurity researchers are warning about the security risks in the machine learning (ML) software supply chain following the discovery of more than 20 vulnerabilities that could be exploited to...
With the increasing reliance on complex and global supply chains, more companies are exposed to a wide range of risks, including theft, counterfeiting, cyberattacks, natural disasters, geopolitical conflicts, and regulatory changes. This customizable policy, written by Franklin Okeke for TechRepublic Premium, outlines the necessary measures and standards that will enhance the resilience of a supply chain.
Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in August 2023, while also adding a new layer of stealth to evade detection. The fresh packages, about 60 in number and spanning 290 versions, demonstrate a refined approach from the previous set that came to light in October 2023, software supply chain security firm ReversingLabs said.