Just weeks after the s1ngularity attack weaponized AI assistants, the NPM ecosystem was rocked by a far more dangerous threat: a self-propagating worm named Shai-Hulud.
In a sobering demonstration of this rapid escalation in attack techniques, the worm has compromised over 187 packages, including several developer-facing tools published by cybersecurity firm CrowdStrike. These two distinct events paint a clear picture of a new and accelerating threat to the open-source supply chain. Let’s break down this evolution.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Active Exploitation of Zero-Day Vulnerability in Ivanti Connect Secure
January 9, 2025
CVE-2025-0282 is a ‘stack-based buffer overflow’ vulnerability with a CVSSv3 score of 9.0. If exploited, a remote unauthenticated attacker could execute arbitrary code (ACE). CVE-2025-0283 is a ‘stack-based buffer overflow’ vulnerability with a CVSSv3 score of 7.0. If exploited, a local authenticated attacker could escalate their privileges. Affected organisations must review the Ivanti Security Advisory and ...
- Japan links Chinese hacker MirrorFace to dozens of cyberattacks targeting security and tech data
January 8, 2025
Japan on Wednesday linked more than 200 cyberattacks over the past five years targeting the country’s national security and high technology data to a Chinese hacking group, MirrorFace, detailing their tactics and calling on government agencies and businesses to reinforce preventive measures. MirrorFace sent emails with attachments containing malware to targeted organizations and individuals to view ...
- Enhancing Botnet Detection with AI using LLMs and Similarity Search
January 8, 2025
As botnets continue to evolve, so do the techniques required to detect them. While Transport Layer Security (TLS) encryption is widely adopted for secure communications, botnets leverage TLS to obscure command-and-control (C2) traffic. These malicious actors often have identifiable characteristics embedded within their TLS certificates, opening a potential pathway for advanced detection techniques. In first-of-its-kind research, ...
- Multiple Vulnerabilities in SonicOS
January 8, 2025
SonicWall has released a security advisory to address three high severity vulnerabilities and one medium severity vulnerability in SonicOS. SonicWall appliances are security appliances that provide virtual private network (VPN) and ‘next-gen’ firewall capabilities. Read more… Source: NHS Digital Sign up for our Newsletter Related:
- AI-supported spear phishing fools more than 50% of targets
January 7, 2025
One of the first things everyone predicted when artificial intelligence (AI) became more commonplace was that it would assist cybercriminals in making their phishing campaigns more effective. Now, researchers have conducted a scientific study into the effectiveness of AI supported spear phishing, and the results line up with everyone’s expectations: AI is making it easier to ...
- Italian digital identity provider suffers data breach, 5.5M customers affected
January 7, 2025
InfoCert has had millions of its customers’ personal data stolen and put up for sale. A leading European certification authority and provider of digital identity services such as Italy’s SPID (Public Digital Identity System), InfoCert posted a public notice on its website detailing the data breach on December 27. However, the notice has since been taken ...