Cryptopolitan

Hackers plant 73 sleeper extensions in OpenVSX to steal crypto wallets

GlassWorm, a known malware, has put 73 harmful extensions into OpenVSX's registry. Hackers use it to steal developers' crypto ...
The Security Ledger

How Claude Planted Malicious Code In A Crypto-Trading App

A new report from ReversingLabs identified a new tactic by North Korean hackers: feeding malicious code to the AI systems ...

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

Malware campaign lures users with fake Windows Update website

Malwarebytes recently uncovered a new malicious campaign targeting the Windows Update service. Focused on French-speaking users, the campaign uses layered obfuscation techniques to deliver multiple ...
Geopolitical Monitor

Distributed Risk: Open-Source Software as Strategic Infrastructure

The 2024 XZ incident illustrates how open-source software (OSS) has become strategic infrastructure in the global economy, opening up new strategic vulnerabilities and new pathways to geopolitical ...
Morning Overview on MSN

North Korea-linked hackers used fake Teams updates to hit Axios npm

Hackers linked to North Korea compromised the widely used Axios npm package by tricking a maintainer into installing malware disguised as a Microsoft Teams error fix, turning one of the most popular ...
GitHub

Critical Item Duplication Exploit via Shulker Box Quick-Open Feature (Bypassable on Latest ...

This report discloses a high-severity item duplication exploit targeting CMI's shulker box quick-open functionality. The exploit can be triggered using client-side Litematica (projection/schematic mod ...
The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL ...
cryptonews

Solana Price Prediction: After The Exploit, Is The Network Still Safe? Will Price Recover?

We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. However, this potential compensation never ...
MacRumors

Apple Issues Rare iOS 18 Security Update to Protect Against DarkSword Exploit

Apple today released a new build of iOS 18.7.7 and iPadOS 18.7.7, presumably with a fix for the DarkSword exploit. Apple told Wired that it would release an iOS 18 update for more devices, allowing ...
thetechedvocate.org

North Korean Hackers Exploit Axios NPM Package in Major Supply Chain Attack

The attack has raised significant concerns about the security of open-source software repositories, particularly those that house libraries and packages relied upon by millions of applications ...
TechCrunch

North Korean hackers blamed for hijacking popular Axios open source project to spread malware

A suspected North Korean hacker has hijacked and modified a popular open source software development tool to deliver malware that could put millions of developers at risk of being compromised. On ...