Hola Browser Compromised to Deliver Cryptominer in Supply Chain Attack
Hola's CEO, Avi Raz Cohen, assured users that the company has taken swift action to prevent future breaches, rebuilding its distribution pipeline and implementing robust security measures. The move comes after a supply chain attack compromised the Hola Browser, secretly delivering a cryptominer to unsuspecting users.
#SupplyChainAttack #Cryptominer #HolaBrowser #MalwareOperations #EmergingThreats
π° "Miasma" Worm Spreads Through npm via "Phantom Gyp" Technique, Stealing Dev Secrets
π¨ A self-spreading worm named 'Miasma' is hitting the npm registry! It uses a novel 'Phantom Gyp' technique to bypass security and steal developer secrets for AWS, GCP, GitHub & more. Check your dependencies now! π #SupplyChainAttack #npm #Miasma
π cyber[.]netsecops[.]io
ποΈ The WP Minute+ #podcast:
Inside the Surge of WordPress Supply Chain Attacks
Host: Eric Karkovack #EricKarkovack
at @thewpminute.com
Feat.: Anchor Hosting owner Austin Ginder
#Wordpress #SupplyChainAttack #Vulnerabilities
https://thewpminute.com/inside-the-surge-of-wordpress-supply-chain-attacks/
Malicious code hid inside Red Hat’s npm packages and spread to steal cloud keys
https://www.martincid.com/technology-sv/red-hat-npm-packages-compromised/
Miasma Supply Chain Attack Targets Red Hat npm Packages
A new supply-chain campaign, codenamed Miasma, has compromised multiple Red Hat npm packages to steal sensitive credentials and deliver a self-propagating worm, putting developer machines at risk. This sneaky attack uses clever tactics like install-time execution and encrypted exfiltration to harvest secrets and spread its reach.
#SupplyChainAttack #Npm #RedHat #CredentialHarvesting #CicdTargeting
Donating to @libreoffice.
Very important #opensource project, especially now that things are moving in the #digitalsovereignty #SupplyChainattack #enshittification #fuckmicrosoft #FuckGoogle areas.
π° GlassWorm Malware Infrastructure Dismantled in Coordinated Takedown
β Takedown! CrowdStrike, Google & Shadowserver disrupt the "GlassWorm" malware C2 infrastructure. π The campaign targeted developers via malicious VS Code extensions & npm packages to steal credentials. #SupplyChainAttack #CyberSecurity #Takedown
π cyber[.]netsecops[.]io
π° New npm Typosquatting Campaign Pushes Malware to Steal AWS and CI/CD Secrets
Microsoft uncovers a typosquatting campaign on npm by actor 'vpmdhaj'. 14 malicious packages use `preinstall` hooks to steal AWS credentials, Vault tokens, and other CI/CD secrets from developers. β οΈ #SupplyChainAttack #npm #InfoSec
π cyber[.]netsecops[.]io
Malicious NuGet Package Exfiltrates Sicoob Banking Credentials
A malicious NuGet package, masquerading as a C# SDK for a major Brazilian financial system, was designed to steal sensitive banking credentials, including client IDs, PFX passwords, and certificate bytes, from unsuspecting developers. This rogue package, downloaded nearly 500 times, put automation and security at risk.
#MaliciousNugetPackage #SupplyChainAttack #CredentialTheft #EmergingThreats #Brazil
Supply chain attacks hide malicious code inside the software you trust
https://www.martincid.com/technology-sv/supply-chain-attacks-explained-2/
Analyst207
CyberNetsecIO
pablolarah
martincidmag
domi
