Attackers gunning for supply chains again, deploying innovative blockchain technique to hide command & control.

Software developers, especially those working with cryptocurrencies, are once again facing a supply chain attack via open source code repositories.

The aim is to infect the systems of developers who rely on these registries for their code. To hide their malicious intent, ...

Phylum noted that some unknown miscreant was using typosquat packages masquerading as Puppeteer, Bignum.js and various cryptocurrency libraries – 287 packages in total – to trick developers into ...

An ongoing attack is uploading hundreds of malicious packages to the open source node package manager (NPM) repository in an attempt to infect the devices of developers who rely on code libraries ...

Well-known open-source node package manager (NPM) registries are the target of massive attacks with malicious packages. These ...

Checkmarx researchers have detected a unique supply chain attack within the NPM ecosystem that uses the Ethereum blockchain.

A malicious Python package poses as the popular 'fabric' SSH automation library and steals AWS credentials from unsuspecting ...

Checkmarx has observed a novel npm supply chain attack using Ethereum smart contracts to manage command-and-control (C2) ...

An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running cross-platform malware. The activity was ...

Criminals are using game-related applications to infect Windows systems with a malicious software framework called Winos4.0 ...