Hosted on MSN

Shai-Hulud cyberattack hits over 25,000 npm projects, stealing developer credentials

A second wave of the Shai-Hulud supply-chain attack has struck the npm software ecosystem, affecting more than 25,000 projects and hundreds of developers, Israeli tech firm Sola Security announced on ...
Ars Technica

11 million devices infected with botnet malware hosted in Google Play

Five years ago, researchers made a grim discovery—a legitimate Android app in the Google Play market that was surreptitiously made malicious by a library the developers used to earn advertising ...
Dark Reading

Malicious Next.js Repos Target Developers Via Fake Job Interviews

Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent C2 ...
CSOonline

XCSSET macOS malware reappears with new attack strategies, Microsoft sounds alarm

The updated malware, which spreads via infected Xcode projects, introduces advanced evasion tactics and persistence mechanisms to bypass security defenses. Microsoft has warned that a new variant of ...
Dark Reading

Self-Propagating GlassWorm Attacks VS Code Supply Chain

A self-propagating worm is targeting Visual Studio Code (VS Code) extensions in a complex supply chain attack that has infected 35,800 developer machines so far with techniques the likes of which ...