#typosquatting
#typosquatting

Ten malicious npm packages deliver a multi-stage information stealer using obfuscation, fake CAPTCHA, IP fingerprinting, and a 24MB PyInstaller payload targeting Windows, Linux, and macOS.

Information security

fromIT Pro

1 week ago

Hackers are using these malicious npm packages to target developers on Windows, macOS, and Linux systems - here's how to stay safe

Typosquatted npm packages delivered a PyInstaller 24MB infostealer across Windows, macOS, and Linux using multi-layer obfuscation, fake CAPTCHA, and IP fingerprinting.

Information security

fromThe Hacker News

1 month ago

Malicious Rust Crates Steal Solana and Ethereum Keys - 8,424 Downloads Confirmed

Two malicious Rust crates impersonated fast_log to scan source code and exfiltrate Solana and Ethereum private keys to a hardcoded C2 endpoint.

Artificial intelligence

fromTheregister

7 months ago

AI code suggestions sabotage software supply chain

LLM-powered code generation tools are reshaping software development but may introduce significant risks to the software supply chain.

[ Load more ]

#typosquatting#typosquatting

Malicious npm package sneaks into GitHub Actions builds