Google Threat Intelligence Group (GTIG) and Mandiant Consulting have released new findings on BRICKSTORM, a backdoor malware...
supply chain attack
The Python Package Index (PyPI) is once again the target of a phishing campaign aimed at maintainers,...
The Socket Threat Research Team has uncovered a new malware campaign hiding inside an npm package called...
Zscaler ThreatLabz has uncovered yet another supply chain attack against the Python Package Index (PyPI). In August...
In July 2024, cybersecurity firm CrowdStrike triggered a global-scale incident that left more than eight million PCs...
The malicious supply chain campaign dubbed “Shai-Hulud” has struck again, this time compromising multiple npm packages published...
The Socket Research Team has uncovered a large-scale supply chain attack on the npm ecosystem, with more...
Socket has detected a large-scale supply chain attack in progress targeting the npm ecosystem. The account of...
Researchers from ReversingLabs have discovered two malicious npm packages leveraging Ethereum smart contracts to conceal and deliver...
Renowned network services provider Cloudflare has also emerged as a victim in the recent Salesforce CRM attack,...
Researchers from Socket’s Threat Research Team have uncovered a dangerous npm package, nodejs-smtp, that impersonates the widely...
Trend Micro researchers have detailed a sophisticated cyber-espionage operation, dubbed TAOTH, which leverages hijacked software updates and...
ReversingLabs researchers have uncovered a dangerous loophole in the Visual Studio Code (VS Code) Marketplace that allows...
The StepSecurity research team has issued a warning about a large-scale supply chain attack involving the popular...
The open-source ecosystem has once again been exploited to distribute malicious software. Socket’s Threat Research Team has...
Kudelski Security has published a detailed write-up of a critical vulnerability discovered in CodeRabbit, the most installed...
Zscaler’s ThreatLabz team has issued a warning after uncovering a malicious Python package on the Python Package...
The Python Package Index (PyPI) is taking a significant step toward securing the open-source software supply chain...
The Python Package Index (PyPI) has announced a set of new upload restrictions aimed at protecting Python...
Socket’s Threat Research Team has revealed a long-running supply chain attack in the RubyGems ecosystem, where a...
GitLab’s Vulnerability Research team has exposed a sophisticated cryptocurrency theft campaign targeting the Bittensor decentralized AI network...
Socket’s Threat Research Team has uncovered an alarming wave of malicious Go packages—some still live on GitHub—designed...