An attacker has published 84 malicious versions of official TanStack npm packages; the impact includes credential theft, self-propagation, and a complete disk wipe of an infected host.
The attack is part of a wave of attacks across npm and PyPI, continuing the Mini Shai-Hulud campaign. Supply chain security company Socket reports that other compromised packages include the OpenSearch client, Mistral AI, UiPath, and Guardrails AI.
Source: The Register News

