Open source malware surged by 156% in 2024
The rise of open source malware presents significant risks to software supply chains, with a staggering increase in malicious packages identified.

Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor
Suspicious npm packages are harvesting Ethereum private keys and gaining SSH access on victim machines through malicious code. The attack requires developer engagement with the package for it to execute and steal information.

Hackers abuse NPM code registries via Ethereum network
NPM registries are under attack from malicious packages leveraging typosquatting, targeting developers' systems. 287 malicious packages discovered affect prominent libraries. Hackers utilize Ethereum smart contracts to obscure their true origins.

Malicious packages in open-source repositories are surging
Malicious packages in open-source software have increased by over 150% in the past year.

Images weaponised in latest supply chain attack
Malicious packages discovered in npm registry containing hidden command and control functionality embedded in image files.

Veracode strengthens software security with acquisition of Phylum technology
Veracode enhances application security by acquiring Phylum's technology for real-time analysis of malicious packages, addressing rising supply chain attack costs.

Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers
A new supply chain attack technique called Revival Hijack targets the PyPI registry, allowing attackers to exploit existing packages for malicious intent.