Just weeks after the s1ngularity attack weaponized AI assistants, the NPM ecosystem was rocked by a far more dangerous threat: a self-propagating worm named Shai-Hulud.
In a sobering demonstration of this rapid escalation in attack techniques, the worm has compromised over 187 packages, including several developer-facing tools published by cybersecurity firm CrowdStrike. These two distinct events paint a clear picture of a new and accelerating threat to the open-source supply chain. Let’s break down this evolution.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hacked GPS tracker reveals location data of customers
August 19, 2024
Stalkerware researcher maia arson crimew strikes again. Big time. We know maia as a researcher that loves to go after stalkerware peddlers, which Malwarebytes—as one of the founding members of the Coalition Against Stalkerware—loves to see. The investigation into Tracki, besides uncovering a tangled web of companies, dubious websites, and false identities, also led to a ...
- Wichita airport still without Wi-Fi months after cyber attack
August 19, 2024
It’s been more than three months since a cyber attack on Wichita took the city’s computer systems offline, and one city service is still not completely back to normal. Dwight D. Eisenhower National Airport was impacted by May’s attack. The airport’s Wi-Fi services went down, as well as its departure and arrival screens. While the screens ...
- UK to conduct review on tackling ‘extremist ideologies’, including misogyny
August 18, 2024
UK Home Secretary Yvette Cooper has ordered a review of the United Kingdom’s counterterrorism strategy on how to best tackle threats by “extremist ideologies” including misogyny. Other ideological trends to be investigated by the Home Office include “Islamism” and far-right “extremism”. Cooper said the strategy will “map and monitor extremist trends” and gauge how to direct ...
- How the ransomware attack at Change Healthcare went down: A timeline
August 17, 2024
A ransomware attack earlier this year on UnitedHealth-owned health tech company Change Healthcare likely stands as one of the largest data breaches of U.S. health and medical data in history. Months after the February data breach, a “substantial proportion of people living in America” are receiving notice by mail that their personal and health information was ...
- Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove
August 16, 2024
In the shadowy world of cybercrime, even the most cunning hackers can make blunders that expose their operations. In this article CPR describes the discovery of Styx Stealer, a new malware variant derived from the notorious Phemedrone Stealer. Check Point investigation revealed critical missteps by the developer of Styx Stealer, including a significant operational security (OpSec) ...
- ‘Keyboard warrior’ jailed for part in UK disorder
August 16, 2024
A man who posted material on social media to stir up racial hatred during recent unrest across the UK has been jailed for three years. Wayne O’Rourke, who had more than 90,000 followers to his X account, posted misinformation about the killing of three young girls in Southport on 29 July and praised the burning of ...