Cache-poisoning caper turns TanStack npm packages toxic


An attacker has published 84 malicious versions of official TanStack npm packages, with the impact including credential theft, self-propagation, and complete disk wipe of an infected host.

The attack is part of a wave of attacks across npm and PyPI, continuing the Mini Shai-Hulud campaign. Supply chain security company Socket reports that other compromised packages include the OpenSearch client, Mistral AI, UiPath, and Guardrails AI.

Read more…
Source:  The Register News


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • CISA and Partners Release Joint Advisory on Understanding Ransomware Threat Actors: LockBit

    June 14, 2023

    Today, CISA, the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and international partners released Understanding Ransomware Threat Actors: LockBit, a joint Cybersecurity Advisory (CSA) to help organizations understand and defend against threat actors using LockBit, the most globally used and prolific Ransomware-as-a-Service (RaaS) in 2022 and 2023. This guide is ...

  • Australia’s privacy monitor hit by cyber attack

    June 14, 2023

    Australia’s peak privacy body that monitors potential breaches has fallen victim to a cyber attack. The Office of the Australian Information Commissioner has confirmed data belonging to law firm HWL Ebsworth has been stolen by Russian criminal ransomware hackers. Read more… Source: MSN News  

  • “.Zip” top-level domains draw potential for information leaks

    June 13, 2023

    As a result of Google’s announced sale of new TLDs that are also popular file extension formats, there is an increased risk with the deployment of the “.zip” domain that threat actors will develop new vectors for compromising victims. In early May 2023, Google released eight new TLDs, marketing the “.zip” domain as a way ...

  • VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors

    June 13, 2023

    As Endpoint Detection and Response (EDR) solutions improve malware detection efficacy on Windows and Linux systems, certain state-sponsored threat actors have shifted to developing and deploying malware on systems that do not generally support EDR such as network appliances, SAN arrays, and VMware ESXi hosts. In late 2022, Mandiant published details surrounding a novel malware system deployed ...

  • MOVEit Vulnerabilities: What You Need to Know

    June 12, 2023

    Extortion actors have been actively exploiting a recently patched vulnerability in MOVEit Transfer, a file-transfer application that is widely used to transmit information between organizations. The nature of the software affected means that attackers can exploit unpatched systems to mount a supply chain attack against multiple organizations. While the original vulnerability (CVE-2023-34362) was patched on May ...

  • Sneaky DoubleFinger loads GreetingGhoul targeting your cryptocurrency

    June 12, 2023

    Stealing cryptocurrencies is nothing new. For example, the Mt. Gox exchange was robbed of many bitcoins back in the beginning of 2010s. Attackers such as those behind the Coinvault ransomware were after your Bitcoin wallets, too. Since then, stealing cryptocurrencies has continued to occupy cybercriminals. One of the latest additions to this phenomenon is the multi-stage ...