Tag JavaScript

Supply Chain Attacks on Open Source Software are Becoming Unmanageable

Critical Supply-Chain Attacks Target Developers with Malicious npm and PyPI Packages
Recent reports have surfaced regarding a string of supply-chain attacks targeting developers on npm and PyPI, resulting in the distribution of malicious packages designed to compromise systems and steal sensitive information. These incidents highlighted a significant vulnerability within open-source…


GitHub Exploited to Distribute Amadey, Lumma, and Redline InfoStealers in Ukraine

A newly uncovered Malware-as-a-Service (MaaS) scheme is leveraging GitHub repositories to disseminate various infostealer families. This discovery was made by cybersecurity analysts at Cisco Talos, who released their findings today. The report details how the threat actors are utilizing the Amadey bot to directly source malware from public GitHub repositories…


Security Experts Verify 16 Billion ‘Data Breach’ Involves Older Data Only

Security researchers affirm that the reported 16 billion record “data breach” consists primarily of outdated information. In a recent wave of coverage that contradicts earlier assertions, cybersecurity experts have clarified that the much-talked-about “data breach” involving 16 billion records is essentially a compilation of stale data rather than fresh leaks.…


AI Code Hallucinations Heighten the Risk of ‘Package Confusion’ Attacks

New Research Uncovers Security Risks Posed by AI-Generated Code
Recent studies have revealed alarming vulnerabilities associated with AI-generated computer code, particularly in the context of software supply chains. Researchers found that a significant portion of the code generated by large language models (LLMs) is rife with references to fictitious third-party…


Why AI-Generated Code Could Threaten the Software Supply Chain

AI Hallucination: A New Vulnerability in Code Generation
Recent developments in artificial intelligence have unveiled a concerning phenomenon known as "package hallucination." This term refers to instances where large language models (LLMs) generate outputs that include factually incorrect or entirely irrelevant information. These inaccuracies have been a persistent issue…


PrivatBank, Ukraine’s Largest Bank, Attacked by SmokeLoader Malware

Financially Motivated Threat Actor Targets PrivatBank Customers with Sophisticated Phishing Scheme
A recent investigation by cybersecurity researchers at CloudSEK has uncovered a sophisticated phishing campaign orchestrated by the financially motivated group UAC-0006, aimed specifically at clients of PrivatBank, the largest state-owned bank in Ukraine. This alarming activity highlights the persistent…


Seraphic Secures $29M to Enhance Enterprise Browser Security Solutions

Seraphic Security Secures $29 Million in Series B Funding to Enhance Browser Security and AI Governance
Michael Novinson (MichaelNovinson) • January 31, 2025
A California-based startup focused…


Crypto Professionals Targeted by Fraudulent Meeting Applications

Australia Imposes AU$8 Million Fine on Kraken Exchange for Breaches
Prajeet Nair (@prajeetspeaks) • December 12, 2024
Information Security Media Group compiles a weekly summary of cybersecurity incidents in the digital asset space. This…
