#mfa-phishing

from The Hacker News
1 week ago

npm's Update to Harden Their Supply Chain, and Points to Consider

Let's start with the original problem. Historically, npm relied on classic tokens: long-lived, broadly scoped credentials that could persist indefinitely. If stolen, attackers could directly publish malicious versions to the author's packages (no publicly verifiable source code needed). This made npm a prime vector for supply-chain attacks. Over time, numerous real-world incidents demonstrated this point. Shai-Hulud, Sha1-Hulud, and chalk/debug are examples of recent, notable attacks.
Node JS
Information security
from DataBreaches.Net
4 weeks ago

ShinyHunters claim to be behind SSO-account data theft attacks - DataBreaches.Net

ShinyHunters claims responsibility for voice-phishing campaigns that compromise Okta, Microsoft Entra, and Google SSO accounts to access corporate SaaS platforms and extort stolen data.