More results...
The Rules File Backdoor attack targets AI code editors like GitHub Copilot and Cursor, making them inject malicious code via a supply chain vulnerability. Pillar Security researchers uncovered a dangerous new supply chain attack vector called ‘Rules File Backdoor.’ Threat actors could use the technique to silently compromise AI-generated code by injecting malicious code. The attack […]
Kaspersky researchers review APT predictions for 2023 and current trends in the advanced threat landscape, and try to predict how it will develop in 2024.
The recently discovered Free Download Manager (FDM) supply chain attack, which distributed Linux malware, started back in 2020. The maintainers of Free Download Manager (FDM) confirmed that the recently discovered supply chain attack dates back to 2020. Recently, researchers from Kaspersky reported the discovery of a free download manager site that has been compromised to […]
The post Ukrainian hackers are behind the Free Download Manager supply chain attack appeared first on Security Affairs.
Researchers discovered a free download manager site that has been compromised to serve Linux malware to users for more than three years. Researchers from Kaspersky discovered a free download manager site that has been compromised to serve Linux malware. While investigating a set of suspicious domains, the experts identified that the domain in question has […]
The post Free Download Manager backdoored to serve Linux malware for more than 3 years appeared first on Security Affairs.
Kaspersky researchers analyzed a Linux backdoor disguised as Free Download Manager software that remained under the radar for at least three years.
For a supply chain attack and to plant the Korplug backdoor (aka PlugX) on the systems of the targeted victims, an unknown APT group was found to be using the “Cobra DocGuard.” Cobra DocGuard is a legit software package that enables users …
Researchers discovered a new set of malicious packages on the npm package manager that can exfiltrate sensitive developer data. On July 31, 2023, Phylum researchers observed the publication of ten different “test” packages on the npm package manager that were developed to exfiltrate sensitive developer source code and other confidential information. All of these packages […]
The post Malicious packages in the NPM designed for highly-targeted attacks appeared first on Security Affairs.
Organizations using the Ivanti EPMM mobile management software must update their systems immediately as hackers…
Ivanti Mobile Management Software Zero-Day Under Active Attack on Latest Hacking News | Cyber Security News, Hacking Tools and Penetr…
Checkmark researchers have uncovered the first known targeted OSS supply chain attacks against the banking sector. In the first half of 2023, Checkmarx researchers detected multiple open-source software supply chain attacks aimed at the banking sector. These attacks targeted specific components in web assets used by banks, according to the experts the attackers used advanced techniques. […]
The post Experts warn of OSS supply chain attacks against the banking sector appeared first on Security Affairs.
Researchers found a critical vulnerability in the Google Cloud Build that allowed elevated privileges to…
A Google Cloud Build Vulnerability Could Aid Supply-Chain Attacks on Latest Hacking News | Cyber Security News, Hacking Tools and Penetratio…