More results...
Nosey Parker is an open-source command-line tool that helps find secrets and sensitive information hidden in text files. It works like a specialized version of grep, focused on spotting things like passwords, API keys, and other confidential data. The …
Attackers are constantly finding ways to take over accounts and push malicious packages to the npm registry, the (GitHub-operated) online repository for JavaScript and Node.js packages. But in this month alone, we witnessed the compromise of popular co…
Open source software powers much of today’s technology, enabling developers around the world to build and share tools, libraries, and applications. However, the same openness that drives innovation also presents serious security challenges. Attackers r…
MacOS users looking to download popular software such as LastPass, 1Password, After Effects, Gemini, and many others are in danger of getting saddled with the Atomic infostealer instead, LastPass has warned. The malware delivery campaign is ongoing and…
A sophisticated malware campaign is targeting Mac users through fraudulent GitHub repositories that masquerade as legitimate software downloads, with threat actors exploiting search engine optimization tactics to deliver malicious links directly to uns…
Cybersecurity AI (CAI) is an open-source framework that helps security teams build and run AI-driven tools for offensive and defensive tasks. It’s designed for anyone working in security, including researchers, ethical hackers, IT staff, and organizati…
ReversingLabs discovers “Shai-hulud,” a self-replicating computer worm on the npm open-source registry. Learn how the malware steals developer…
The Electronic Frontier Foundation (EFF) has released Rayhunter, a new open-source tool designed to detect cell site simulators (CSS). These devices, also known as IMSI catchers or Stingrays, mimic cell towers to trick phones into connecting so they ca…
At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed.
Developers publishing crates (binaries and libraries written in Rust) on crates.io, Rust’s main public package registry, have been targeted with emails echoing the recent npm phishing campaign. The phishing email The emails started hitting developers&#…