Cache-poisoning caper turns TanStack npm packages toxic


An attacker has published 84 malicious versions of official TanStack npm packages. The impact includes credential theft, self-propagation, and a complete disk wipe of an infected host.

The attack is part of a wave of attacks across npm and PyPI, continuing the Mini Shai-Hulud campaign. Supply chain security company Socket reports that other compromised packages include the OpenSearch client, Mistral AI, UiPath, and Guardrails AI.

Source: The Register News

