Category: Cybersecurity

Images weaponised in latest supply chain attack

A recent investigation by cybersecurity firm Phylum has uncovered a series of malicious packages within the npm registry that were disguised as legitimate software, highlighting the rising sophistication of supply chain attacks targeting open-source ecosystems. These packages were identified on July 13, 2024, and contained embedded command and control (C2) functionalities hidden within image files,

NPM supply chain attack uses Ethereum blockchain

Checkmarx Researchers Uncover Unique Supply Chain Attack in NPM Using Ethereum Blockchain

Checkmarx researchers have identified a distinctive supply chain attack within the NPM ecosystem, leveraging the Ethereum blockchain for its operations. The malicious package, named “jest-fet-mock,” employs multi-platform malware and utilizes Ethereum smart contracts for command-and-control (C2) activities, marking a new convergence between blockchain

GitHub Enterprise Server 3.13.3 tackles critical SAML vulnerability

GitHub has announced the release of Enterprise Server 3.13.3, which addresses several important security vulnerabilities, alongside various bug fixes and feature enhancements. This update focuses particularly on enhancing the security of GitHub Enterprise Server instances.

Key Security Fixes

Additional Enhancements in Version 3.13.3

Known Issues

While this update enhances security and usability, GitHub has acknowledged

Roblox developers targeted by year-long malware campaign

A sustained malware campaign targeting Roblox developers through malicious npm packages has been uncovered by Checkmarx security researchers. The attackers are impersonating the popular “noblox.js” library, publishing dozens of packages designed to steal sensitive information and compromise systems. The campaign, which has been active for over a year, exploits trust in the open-source ecosystem. It particularly targets the Roblox