Advertisement
Malicious npm Package Targets Claude AI User Data — Technical Analysis
Researchers discover mouse5212-super-formatter, a malicious npm package designed to exfiltrate sensitive files from Claude AI user directories.
Megalodon Malware: GitHub Repo Compromise & Secret Theft
Analysis of the Megalodon malware campaign, which compromised over 5,500 GitHub repositories in six hours to steal developer credentials and sensitive secrets. Learn how
Defending CI/CD Pipelines with Build Application Firewalls
Examine how Build Application Firewalls (BAF) provide runtime protection for software pipelines to mitigate sophisticated supply chain attacks and data theft.
Backdoored PyTorch Lightning Package Drops Credential Stealer
A malicious PyTorch Lightning package on PyPI delivers a credential stealer, targeting browser data, environment variables, and cloud service credentials. Urgent action
PyTorch Lightning 2.6.2/2.6.3 Compromise: Credential Theft Via Supply Chain
Threat actors injected malicious code into PyTorch Lightning versions 2.6.2 and 2.6.3 on PyPI, enabling credential theft via a supply chain attack. Urgent action
Malicious Crypto Wallets Infiltrate China's Apple App Store
26 fake cryptocurrency wallet apps infiltrated China's Apple App Store, impersonating popular brands to steal seed phrases and drain user funds.
UNC6783 Leverages BPOs to Steal Corporate Zendesk Tickets
New threat actor UNC6783 targets Business Process Outsourcing (BPO) providers to gain access to client Zendesk support tickets, risking sensitive data.
Axios NPM Supply Chain Attack Bypasses GitHub Actions CI/CD
A sophisticated supply chain attack targeted the Axios NPM package, leveraging a compromised token to bypass GitHub Actions CI/CD and deploy malicious versions.