More results...
For a supply chain attack and to plant the Korplug backdoor (aka PlugX) on the systems of the targeted victims, an unknown APT group was found to be using the “Cobra DocGuard.” Cobra DocGuard is a legit software package that enables users …
Researchers discovered a new set of malicious packages on the npm package manager that can exfiltrate sensitive developer data. On July 31, 2023, Phylum researchers observed the publication of ten different “test” packages on the npm package manager that were developed to exfiltrate sensitive developer source code and other confidential information. All of these packages […]
The post Malicious packages in the NPM designed for highly-targeted attacks appeared first on Security Affairs.
Organizations using the Ivanti EPMM mobile management software must update their systems immediately as hackers…
Ivanti Mobile Management Software Zero-Day Under Active Attack on Latest Hacking News | Cyber Security News, Hacking Tools and Penetr…
Checkmark researchers have uncovered the first known targeted OSS supply chain attacks against the banking sector. In the first half of 2023, Checkmarx researchers detected multiple open-source software supply chain attacks aimed at the banking sector. These attacks targeted specific components in web assets used by banks, according to the experts the attackers used advanced techniques. […]
The post Experts warn of OSS supply chain attacks against the banking sector appeared first on Security Affairs.
Researchers found a critical vulnerability in the Google Cloud Build that allowed elevated privileges to…
A Google Cloud Build Vulnerability Could Aid Supply-Chain Attacks on Latest Hacking News | Cyber Security News, Hacking Tools and Penetratio…
Days after the horrifying cyberattack, more details about the 3CX incident surface online as Mandiant…
3CX Cyber Attack: It Was The Aftermath Of Another Supply-Chain Attack on Latest Hacking News | Cyber Security News, Hacking Tools and Penetrati…
The popular communication software business 3CX has admitted a supply-chain attack, potentially affecting its customers…
Phone Systems Giant 3CX Supply-Chain Attack Induces A Domino Effect on Latest Hacking News | Cyber Security News, Hacking Too…
Supply chain and reoccurring attacks, data destruction, lack of staff — what challenges will your security operations center be facing in 2023?
A nightly build version of a machine-learning framework dependency has been compromised. The package ran malicious code on affected systems and stole data from unsuspecting users.
The post Machine-Learning Python package compromised in supply chain att…
Threat actors compromised the PyTorch Machine Learning Framework by adding a malicious dependency. The maintainers of the PyTorch package warn of a supply chain attack. Users who have installed PyTorch-nightly on Linux via pip between December 25, 2022 and December 30, 2022, to uninstall it and use the latest binaries. “If you installed PyTorch-nightly on […]
The post PyTorch compromised to demonstrate dependency confusion attack on Python environments appeared first on Security Affairs.