News

The Hacker News

Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack

"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...

ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks

The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using ...

Shamos malware tricks Mac users with fake fixes

Cybercriminals use fake troubleshooting websites to trick Mac users into running terminal commands that install Shamos malware through ClickFix tactics.
Ervik.as

Wormable Malware Causing Supply Chain Compromise of npm Code Packages

Reports surfaced that the widely used npm package @ctrl/tinycolor had been compromised by Wormable Malware as part of a ...
CSO Online

Warning: Hackers have inserted credential-stealing code into some npm libraries

Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...

Google confirms fraudulent account created in law enforcement portal

Google has confirmed that hackers created a fraudulent account in its Law Enforcement Request System (LERS) platform that law ...
TechJuice

Massive npm Supply-Chain Attack: Shai-Hulud Worm Infects Over 180 Packages

A new self-replicating worm dubbed Shai-Hulud has compromised over 180 npm packages, stealing credentials and spreading ...

First npm worm "Shai-Hulud" released in supply chain attack

A new supply chain attack on npm, the node package manager, has injected the first malware with self-replicating worm ...

This Chrome VPN extension secretly spies on you

Chrome extension spyware disguised as a free VPN service highlights security risks after it captured private browsing data ...

Dev tool startup Blacksmith Software gets $10M to accelerate continuous integration

A startup called Blacksmith Software Inc. wants to eliminate the inefficiencies around building and testing new software ...

New NPM attack: Self-replicating malware infects dozens of packages

It is possible that the attackers behind this attack are the same ones as last time. Their malicious code bears the name of a prominent science fiction monster.