Cache-poisoning caper turns TanStack npm packages toxic


An attacker has published 84 malicious versions of official TanStack npm packages, with the impact including credential theft, self-propagation, and complete disk wipe of an infected host.

The attack is part of a wave of attacks across npm and PyPI, continuing the Mini Shai-Hulud campaign. Supply chain security company Socket reports that other compromised packages include the OpenSearch client, Mistral AI, UiPath, and Guardrails AI.

Read more…
Source:  The Register News


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • South Korea: KF-21 Fighter Jet Technology Leak Attempt Raises Concerns Over Diplomatic Tensions

    February 5, 2024

    An Indonesian technician working for Korea Aerospace Industries (KAI) was caught trying to leak internal documents related to the Korean supersonic fighter jet KF-21 ‘Boramae.’ While no core technology leaks have been confirmed yet, it is known that the individual attempted to extract a substantial amount of data. According to the Defense Acquisition Program Administration and ...

  • Oman sees surge in cyber crimes

    February 5, 2024

    The Public Prosecution in Oman has revealed that there were 140 cases of cybercrime in 2023, compared to 126 in 2022 while cases related to online content increased to 2,686 in 2023 from 2,519 in 2022. These cases included misusing financial cards, attempting, assisting, or agreeing to commit information technology fraud. Cases involving a violation of ...

  • Cyber attack hits Pennsylvania Courts’ website

    February 5, 2024

    Pennsylvania Courts’ website was targeted in a cyber attack on Sunday. Pennsylvania’s Chief Justice Debra Todd made the announcement, saying portions of the website were made unavailable due to the attack. The situation was described as a denial of service cyber attack. Todd said there was no indication any court data was compromised and courts will ...

  • Pakistan: Balochistan decides to ‘restrict’ internet service in ‘sensitive polling booths’

    February 5, 2024

    The caretaker government in Balochistan has decided to keep the internet service restricted in the sensitive polling booths in certain areas of the province in the lead-up to the February 8 polls amid dire security risks due to a spike in terrorist attacks. Balochistan caretaker Information Minister Jan Achakzai on Sunday night announced the decision, citing ...

  • Exploring the (Not So) Secret Code of Black Hunt Ransomware

    February 5, 2024

    It seems like every week, the cybersecurity landscape sees the emergence of yet another ransomware variant, with Black Hunt being one of the latest additions. Initially reported by cybersecurity researchers in 2022, this new threat has quickly made its presence known. In a recent incident, Black Hunt ransomware wreaked havoc by compromising around 300 companies in ...

  • Classified Japanese diplomatic info leaked after Chinese cyberattacks in 2020

    February 5, 2024

    Classified Japanese diplomatic information was leaked following Chinese cyberattacks on the Foreign Ministry in 2020, a government source said Monday, exposing the nation’s digital vulnerability. Japan detected the large-scale attack and release of diplomatic telegrams during a period of government under then Prime Minister Shinzo Abe, the source said, but the nature of the leaked information ...