Just weeks after the s1ngularity attack weaponized AI assistants, the NPM ecosystem was rocked by a far more dangerous threat: a self-propagating worm named Shai-Hulud.
In a sobering demonstration of this rapid escalation in attack techniques, the worm has compromised over 187 packages, including several developer-facing tools published by cybersecurity firm CrowdStrike. These two distinct events paint a clear picture of a new and accelerating threat to the open-source supply chain. Let’s break down this evolution.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- China’s Salt Typhoon hackers continue to breach telecom firms despite US sanctions
February 13, 2025
Security researchers say the Chinese government-linked hacking group, Salt Typhoon, is continuing to compromise telecommunications providers, despite the recent sanctions imposed by the U.S. government on the group. In a report shared with TechCrunch, threat intelligence firm Recorded Future said it had observed Salt Typhoon — which the company tracks as “RedMike” — breaching five telecommunications ...
- Storm-2372 conducts device code phishing campaign
February 13, 2025
Microsoft discovered cyberattacks being launched by a group they call Storm-2372, who they assess with medium confidence aligns with Russia’s interests and tradecraft. The attacks appear to have been ongoing since August 2024 and have targeted governments, NGOs, and a wide range of industries in multiple regions. The attacks use a specific phishing technique called “device ...
- Spyware maker caught distributing malicious Android apps for years
February 13, 2025
Italian spyware maker SIO, known to sell its products to government customers, is behind a series of malicious Android apps that masquerade as WhatsApp and other popular apps but steal private data from a target’s device, TechCrunch has exclusively learned. Late last year, a security researcher shared three Android apps with TechCrunch, claiming they were likely ...
- Upper Michigan: Cyber attack hits Sault Tribe offices
February 13, 2025
A ransomware attack that shut down gaming at all five Kewadin Casino locations also impacted other offices at an eastern Upper Peninsula tribe. The tribe made the announcement Monday and said it could be a week or more before regular operations can resume. “On Sunday morning, the Sault Ste. Marie Tribe of Chippewa Indians suffered a ...
- Ivanti Releases February 2025 Security Updates
February 12, 2025
Ivanti has released three security advisories in the February Security Update, which addresses vulnerabilities in Ivanti products. In the first advisory, two vulnerabilities were identified in Ivanti Cloud Services Application (CSA). The Ivanti CSA is an Internet appliance that provides secure communication and functionality over the Internet. It falls under the primary product of Ivanti Endpoint ...
- SonicOS SSL VPN Authentication Bypass Vulnerability (CVE-2024-53704)
February 12, 2025
A proof-of-concept (PoC) exploit has been published by security researchers for an authentication bypass vulnerability in the SonicOS SSL VPN component. SonicWall appliances provide virtual private network (VPN) and ‘next-gen’ firewall capabilities. SonicWall formally disclosed and released security updates addressing CVE-2024-53704 on 07 January 2025. Successful exploitation of CVE-2024-53704 could allow a remote, unauthenticated attacker to ...