Open-source repositories flooded by 144,000 phishing packages
Unknown threat actors have uploaded a total of 144,294 phishing-related packages on the open-source package repositories NuGet, PyPI, and NPM.…
Iranian APT Targets US With Drokbk Spyware via GitHub
The custom malware used by the state-backed Iranian threat group Drokbk has so far flown under the radar by using…
Phishing in the Cloud: We’re Gonna Need a Bigger Boat
SasS security is everyone's problem.
Where to Find the Best Open Source Security Technology
A free resource, updated monthly, lists the most-popular, highly rated OSS projects.
Artifact Poisoning in GitHub Actions Imports Malware via Software Pipelines
A vulnerability discovered in GitHub Actions could allow an attacker to poison a developer's pipeline, highlighting the risk that insecure…
TikTok ‘Invisible Body’ challenge exploited to push malware
Hackers are capitalizing on a trending TikTok challenge named 'Invisible Challenge' to install malware on thousands of devices and steal…
Docker Hub repositories hide over 1,650 malicious containers
Over 1,600 publicly available Docker Hub images hide malicious behavior, including cryptocurrency miners, embedded secrets that can be used as…
Fake MSI Afterburner targets Windows gamers with miners, info-stealers
Windows gamers and power users are being targeted by fake MSI Afterburner download portals to infect users with cryptocurrency miners…
Windows Subsystem for Linux generally available via Microsoft Store
Microsoft announced today that the Store version of Windows Subsystem for Linux (WSL) is generally available for Windows 10 and…
Aurora infostealer malware increasingly adopted by cybergangs
Cybercriminals are increasingly turning to a new Go-based information stealer named 'Aurora' to steal sensitive information from browsers and cryptocurrency apps,…