Just weeks after the s1ngularity attack weaponized AI assistants, the NPM ecosystem was rocked by a far more dangerous threat: a self-propagating worm named Shai-Hulud.
In a sobering demonstration of this rapid escalation in attack techniques, the worm has compromised over 187 packages, including several developer-facing tools published by cybersecurity firm CrowdStrike. These two distinct events paint a clear picture of a new and accelerating threat to the open-source supply chain. Let’s break down this evolution.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Head Mare and Twelve join forces to attack Russian entities
March 13, 2025
In September 2024, a series of attacks targeted Russian companies, revealing indicators of compromise and tactics associated with two hacktivist groups: Head Mare and Twelve. kaspersky investigation showed that Head Mare relied heavily on tools previously associated with Twelve. Additionally, Head Mare attacks utilized command-and-control (C2) servers exclusively linked to Twelve prior to these incidents. This ...
- #StopRansomware: Medusa Ransomware
March 12, 2025
Medusa is a ransomware-as-a-service (RaaS) variant first identified in June 2021. As of February 2025, Medusa developers and affiliates have impacted over 300 victims from a variety of critical infrastructure sectors with affected industries including medical, education, legal, insurance, technology, and manufacturing. The Medusa ransomware variant is unrelated to the MedusaLocker variant and the Medusa mobile ...
- Squid Werewolf cyber spies masquerade as recruiters
March 12, 2025
Espionage activity clusters may pose as recruiters to distribute phishing emails, targeting key employees in organizations of interest. In December 2024, the BI.ZONE Threat Intelligence team uncovered a peculiar phishing campaign aimed at luring victims with fake job opportunities at an industrial organization. A detailed analysis revealed that the attack had been carried out by Squid Werewolf ...
- Apple Releases Security Updates for Multiple Products
March 12, 2025
Apple has released security updates to address an exploited vulnerability in multiple Apple products. CVE-2025-24201 is an ‘out-of-bounds write’ vulnerability that could allow an attacker with maliciously crafted web content to break out of Web Content sandbox. The security update addressing CVE-2025-24201 is a supplementary fix for an exploited vulnerability that was addressed in iOS 17.2. ...
- Ohio: Cleveland Municipal Court reopens after cyber attack
March 12, 2025
Cleveland Municipal Court is back open after a cyber attack forced a multi-week shutdown. Details have been limited about the incident itself, but court visitors said it’s caused a frustrating delay. Most operations have been suspended since Feb. 23 when the court discovered it was the victim of a cyber attack. Read more… Source: News 5 Cleveland Sign up ...
- India arrests man accused of running $96 billion crypto exchange at request of US
March 12, 2025
Indian authorities have arrested a Lithuanian man wanted by the US for allegedly running a $96 billion cryptocurrency exchange that allowed terrorist organizations, drug traffickers and cybercriminals to launder money. The arrest caps an intense US-led manhunt for Aleksej Besciokov, that escalated last week with the seizure of the crypto exchange, the freezing of $26 million ...