A sophisticated and unprecedented cyber campaign has struck the heart of South Korea’s financial infrastructure. In a...
supply chain attack
Google’s Threat Intelligence Group (GTIG) has released a comprehensive analysis exposing a long-running and adaptive cyber-espionage campaign...
HelixGuard researchers have uncovered a malicious Python package uploaded to PyPI that impersonates the widely used “pyspellchecker”...
Salesforce has issued an urgent security alert after discovering unusual activity involving Gainsight-published applications connected to its...
The Socket Threat Research Team has uncovered a highly coordinated malware campaign operating across seven npm packages,...
In one of the largest open-source supply chain incidents ever recorded, Amazon Inspector security researchers have uncovered...
A sophisticated supply-chain attack has been uncovered in the NuGet package registry, where nine packages published under...
A sophisticated, self-propagating malware campaign known as GlassWorm has re-emerged, infecting three new VS Code extensions and...
Researchers at Datadog Security Research have uncovered a major supply-chain compromise in the npm ecosystem involving 17...
Koi Security has uncovered a massive supply-chain campaign dubbed PhantomRaven, which has silently infected the npm ecosystem...
Palo Alto Networks’ Unit 42 Threat Intelligence team has uncovered a sophisticated new malware family dubbed Airstalk,...
The Socket Threat Research Team has uncovered an extensive supply chain attack targeting the npm ecosystem, involving...
The HelixGuard Threat Intelligence Team has uncovered a widespread supply chain compromise affecting the Visual Studio Code...
The official website of Xubuntu, a Linux distribution derived from Ubuntu, appears to have been compromised by...
Cybersecurity researchers at Koi Security have discovered the world’s first self-propagating malware targeting VS Code extensions on...
Cybersecurity researchers at Wiz Research have uncovered what they describe as a “pattern of secret leakage” affecting...
The Socket Threat Research Team has uncovered a growing trend among malicious package developers: leveraging Discord webhooks...
Researchers from Kandji’s Threat Intelligence team uncovered a malware campaign targeting macOS users through spoofed Homebrew installer...
The Socket Threat Research Team has sounded the alarm on an escalating wave of malicious npm activity...
The security of the open-source software supply chain was once again tested when JFrog’s security research team...
Microsoft Threat Intelligence has identified yet another variant of the XCSSET malware, a long-running macOS threat targeting...
Socket’s Threat Research Team has uncovered a supply chain attack involving two malicious Rust crates—faster_log and async_println—that...