On September 15, the Node Package Manager (NPM) repository was hit by an ongoing supply chain attack in which the attackers ran a highly targeted phishing campaign to compromise the account of an NPM package maintainer.
With that privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used techniques similar to those in the Nx supply chain attack last month. As of September 16, researchers at Socket have already identified close to 500 impacted NPM packages.
Source: Trend Micro

