News

The Hacker News

Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack

"Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and ...
The Register on MSN

Self-propagating worm fuels latest npm supply chain compromise

Intrusions bear the same hallmarks as recent Nx mess The npm platform is the target of another supply chain attack, with ...

Hijacker helper VoidProxy boosts Google, Microsoft accounts on demand

Multiple attackers using a new phishing service dubbed VoidProxy to target organizations' Microsoft and Google accounts have ...
Securities.io

NPM Supply-Chain Attack: What Happened and How to Fix It

Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...
CSO Online

Warning: Hackers have inserted credential-stealing code into some npm libraries

Dozens of npm libraries, including a color library with over 2 million downloads a week, have been replaced with novel ...
CPO Magazine

Supply Chain Attack Infects Nearly 20 Popular NPM Packages with Billions of Weekly Downloads

Hackers injected malicious code into nearly a dozen 20 NPM packages with billions of weekly downloads in a software supply chain attack after phishing a maintainer’s account.
CSO Online

Warning: Brute force attacks hitting SonicWall firewall configuration backups

SonicWall is warning admins that recent brute force attacks on its firewall’s API service for cloud backup could have exposed ...

Inside the AP Poll: Why Notre Dame remains ranked despite 0-2 start

The Fighting Irish become the first 0-2 team in nearly four decades to be ranked in the AP college football poll.