FreshRSS

πŸ”’
❌ Secure Planet Training Courses Updated For 2019 - Click Here
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
Before yesterdayYour RSS feeds

Beware: GitHub's Fake Popularity Scam Tricking Developers into Downloading Malware

By: Newsroom
Threat actors are now taking advantage of GitHub's search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the open-source software supply chain involves concealing malicious code within Microsoft Visual Code project files that's designed to download next-stage payloads from a remote URL,

48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems

By: Newsroom
A new set of 48 malicious npm packages have been discovered in the npm repository with capabilities to deploy a reverse shell on compromised systems. "These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to initiate a reverse shell on package install," software supply chain security firm PhylumΒ said. All the counterfeit packages have been published by

Malicious NuGet Package Targeting .NET Developers with SeroXen RAT

By: Newsroom
A malicious package hosted on the NuGet package manager for the .NET Framework has been found to deliver a remote access trojan called SeroXen RAT. The package, named Pathoschild.Stardew.Mod.Build.Config and published by a user namedΒ Disti, is a typosquat of a legitimate package calledΒ Pathoschild.Stardew.ModBuildConfig, software supply chain security firm PhylumΒ saidΒ in a report today. While

Developers Beware: Malicious Rust Libraries Caught Transmitting OS Info to Telegram Channel

By: THN
In yet another sign that developers continue to be targets of software supply chain attacks, a number of malicious packages have been discovered on the Rust programming language's crate registry. The libraries, uploaded between August 14 and 16, 2023, were published by a user named "amaperf," PhylumΒ saidΒ in a report published last week. The names of the packages, now taken down, are as follows:

North Korean Hackers Suspected in New Wave of Malicious npm Packages

By: THN
The npm package registry has emerged as the target of yet another highly targeted attack campaign that aims to entice developers into downloading malevolent modules. Software supply chain security firm Phylum told The Hacker News the activity exhibits similar behaviors to that of a previous attack waveΒ uncovered in June, which has since beenΒ linked to North Korean threat actors. As many as nine
❌