News

Infosecurity Magazine

Shai-Hulud Worm Prowls npm to Steal Hundreds of Secrets

The bundle.js script is designed to steal npm, GitHub, AWS and GCP tokens. But it also installs TruffleHog – an open source ...
Security Boulevard

Self-Replicating Worm Compromising Hundreds of NPM Packages

Hulud" has compromised hundreds of packages in the npm repository with a self-replicating worm that steals secrets like API key, tokens, and cloud credentials and sends them to external servers that ...
SecurityWeek

Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit

Shai-Hulud is the third major supply chain attack targeting the NPM ecosystem after the s1ngularity attack and the recent ...
Infosecurity Magazine

FileFix Campaign Using Steganography and Multistage Payloads

A rare in-the-wild FileFix campaign has been observed by cybersecurity researchers, which hides a second-stage PowerShell ...

Clever advertising scam with Android apps busted after all

A new scam to covertly retrieve advertising surprises security researchers. Google had to delete over 200 apps from the Play ...
Cryptopolitan on MSN

Binance close to DOJ deal to scrap $4.3B oversight monitor

So far, according to recent court filings, the DOJ has already terminated monitorships for three firms that agreed to them ...

Brits are better than Americans at spotting phishing scams, NordVPN study shows

A new NordVPN survey reveals that most people in the UK know how to spot a phishing website. However, many knowledge areas ...
Cybernews

Hundreds of NPM packages compromised as ongoing supply chain attack snowballs out of control

Halud, is compromising hundreds of NPM packages, spreading self-replicating malware, exfiltrating data, and turning private ...
GovInfoSecurity

Shai Hulud Burrows Into NPM Repository

An apparent "Dune" aficionado is responsible for the first self-propagating attack on the npm JavaScript repository in what one security company has ...