Modern Phishing Challenges and the Browser Security Strategies to Combat Them
In today’s landscape of advanced phishing attacks, which leverage legitimate domains and sophisticated tactics to evade traditional security measures, it…
Malicious PyPI package with 37,000 downloads steals AWS keys
A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web…
Citrine Sleet Poisons PyPI Packages With Mac & Linux Malware
A North Korean advanced persistent threat (APT) actor (aka Gleaming Pisces) tried to sneak simple backdoors into public software packages.
‘Revival Hijack’ on PyPI Disguises Malware with Legitimate File Names
Adversaries reusing abandoned package names sneak malware into organizations in a sort of software shell game.
Revival Hijack supply-chain attack threatens 22,000 PyPI packages
Threat actors are utilizing an attack called "Revival Hijack," where they register new PyPi projects using the names of previously…
Hunters International Disguises SharpRhino RAT as Legitimate Network Admin Tool
The RaaS group that distributes Hive ransomware delivers new malware impersonating as validly signed network-administration software to gain initial access…
StackExchange abused to spread malicious PyPi packages as answers
Threat actors uploaded malicious Python packages to the PyPI repository and promoted them through the StackExchange online question and answer platform. [...]
Wanted: A SBOM Standard to Rule Them All
A unified standard is essential for realizing the full potential of SBOMs in enhancing software supply chain security.
The Stark Truth Behind the Resurgence of Russia’s Fin7
The Russia-based cybercrime group dubbed "Fin7," known for phishing and malware attacks that have cost victim organizations an estimated $3…