Supply Chain Breach Hits Jscrambler NPM Package Integrity
Compromised publishing credentials allowed attackers to inject malicious binaries into widely used Jscrambler NPM versions.
22 results for “malware”
Compromised publishing credentials allowed attackers to inject malicious binaries into widely used Jscrambler NPM versions.
Federal authorities have sanctioned a specialized VPN provider and a malware cryptor vendor to disrupt ransomware supply chains.
A malicious npm package injection forced a swift cleanup, highlighting the persistent dangers of compromised build environments.
Microsoft identifies a sophisticated new backdoor, GigaWiper, which stitches together existing malware to facilitate targeted data destruction.
A sophisticated new C++ information stealer leverages legitimate Apple developer IDs to bypass Gatekeeper and harvest user credentials.
Nihon Kotsu has taken critical systems offline following a security breach that disrupted dispatch and reservation capabilities.
Microsoft identifies a sophisticated new malware strain that fuses espionage and permanent data destruction into a single, unified tool.
Threat actors are weaponizing reservation-themed emails with container files to bypass modern Microsoft Office security protections.
International authorities and private tech firms have dismantled critical infrastructure fueling the Amadey and StealC malware networks.
A newly identified macOS infostealer leverages Apple-notarized installers to bypass system security and harvest sensitive user data.
New research highlights how generative AI enables low-skilled attackers to craft custom, evasive malware payloads on demand.
A decade-long developer's device, infected nearly a year ago, likely provided the gateway for a breach of the Argentine Football Association.
A newly identified infostealer employs unconventional local authentication checks and Rust-based binaries to bypass standard defenses.
Microsoft identifies a sophisticated new Windows backdoor that merges multiple ransomware and data-wiping tools into one modular threat.
Threat actors are leveraging AI to refine and accelerate traditional attack chains, lowering the barrier to entry for complex operations.
A fix for a critical zero-day vulnerability inadvertently introduces a secondary risk that could lead to complete hard drive exhaustion.
A newly upgraded RedHook Android malware variant exploits wireless debugging settings to gain high-level shell privileges without root.
Law enforcement and tech giants dismantle a massive residential proxy network operating right inside consumer living rooms.
Sustained cyber espionage campaigns weaponize local law enforcement systems to harvest sensitive citizen data and security records.
A compromised jscrambler package release highlights how modern software pipelines are weaponized to harvest developer secrets.
A compromised developer account on GitHub allowed attackers to inject silent credential-stealing malware into a popular Web3 ecosystem.
GodDamn ransomware now exploits PoisonX, a Microsoft-signed kernel driver, to disable endpoint security, marking a critical escalation in evasion tactics.