Introducing Chainguard Libraries for JavaScript: Malware-Resistant Dependencies Built Entirely from Source

Chainguard, the trusted foundation for software development and deployment, today announced Chainguard Libraries for JavaScript, a collection of trusted builds of thousands of common JavaScript ...

Why CERT-In is warning startups and IT firms about ‘Shai-Hulud,’ a Dune-inspired malware

India’s cybersecurity agency warns of a fast-spreading npm supply chain worm, urging startups and ITes firms to secure ...

Government warns 'Shai Hulud' virus poses significant cyber threat on Indian IT systems

In, has issued a warning advising the country's startups and IT companies to be cautious of the Shai Hulud virus, which poses ...
InfoWorld

QR codes become the vehicle for malware in new technique

A newly-discovered malicious package with layers of obfuscation is disguised as a utility library, with malware essentially ...

North Korea's Lazarus Group shares its malware with IT work scammers

North Korean-linked crews connected to the pervasive IT worker scams have upped their malware game, using more advanced tools ...
The Hacker News

North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers

North Korea’s Contagious Interview spreads AkdoorTea and TsunamiKit to steal crypto and infiltrate global developers.
The Hacker News

CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader

CountLoader enables Russian ransomware gangs to deploy Cobalt Strike and PureHVNC RAT via Ukraine phishing campaigns.

Undetectable Malware Targeting Crypto Wallet Data Of Job Seekers: Report

An infostealer particularly focused on stealing cryptocurrency wallet data from macOS, Windows and Linux users has been ...
WeLiveSecurity

DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception

ESET researchers reveal how malware operators collaborate with covert North Korean IT workers, posing a threat to both headhunters and job seekers.

GitHub moves to tighten npm security amid phishing, malware plague

GitHub, which owns the npm registry for JavaScript packages, says it is tightening security in response to recent attacks.
Krebs on Security

Self-Replicating Worm Hits 180+ Software Packages

The novel malware strain is being dubbed Shai-Hulud — after the name for the giant sandworms in Frank Herbert’s Dune novel ...

NPM package caught using QR Code to fetch cookie-stealing malware

Newly discovered npm package 'fezbox' employs QR codes to hide a second-stage payload to steal cookies from a user's web browser. The package, masquerading as a utility library, leverages this ...