Malicious NuGet Packages Pose as Nethereum, Steal Crypto Wallet Keys

Socket’s Threat Research Team has uncovered a sophisticated supply chain attack targeting cryptocurrency developers through the NuGet package registry. The malicious packages, which exfiltrate sensitive wallet data including private keys and mnemonics, highlight a critical vulnerability in package registry security…

Malicious NuGet Packages Mimic as Popular Nethereum Project to Steal Wallet Keys

itsecuritynews.info - 25/Oct 15:34

A sophisticated supply chain attack has emerged targeting cryptocurrency developers through the NuGet package ecosystem. Cybersecurity researchers...

PhantomRaven attack floods npm with credential-stealing packages

bleepingcomputer.com - 29/Oct 16:26

An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal authentication tokens, CI/CD...

PhantomRaven attack floods npm with credential-stealing packages

bleepingcomputer.com - 29/Oct 16:26

An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal authentication tokens, CI/CD...

Open VSX rotates access tokens used in supply-chain malware attack

bleepingcomputer.com - 02/Nov 15:09

The Open VSX registry rotated access tokens after they were accidentally leaked by developers in public repositories and allowed threat actors to...

Open VSX rotates access tokens used in supply-chain malware attack

bleepingcomputer.com - 02/Nov 15:09

The Open VSX registry rotated access tokens after they were accidentally leaked by developers in public repositories and allowed threat actors to...

Microsoft 365 Copilot Prompt Injection Vulnerability Allows Attackers to Exfiltrate Sensitive Data

itsecuritynews.info - 21/Oct 16:34

A sophisticated vulnerability in Microsoft 365 Copilot (M365 Copilot) that allows attackers to steal sensitive tenant data, including recent emails,...

Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack

itsecuritynews.info - 24/Oct 08:04

Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry...

Malicious NPM packages fetch infostealer for Windows, Linux, macOS

bleepingcomputer.com - 29/Oct 23:16

Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component that collects sensitive...

Malicious NPM packages fetch infostealer for Windows, Linux, macOS

bleepingcomputer.com - 29/Oct 23:16

Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component that collects sensitive...

700+ Malicious Android Apps Abusing NFC Relay to Exfiltrate Banking Login Credentials

itsecuritynews.info - 30/Oct 18:04

A sophisticated malware campaign exploiting Near Field Communication technology on Android devices has expanded dramatically since its emergence in...

Rubriques :

Malicious NuGet Packages Pose as Nethereum, Steal Crypto Wallet Keys

Articles similaires

Malicious NuGet Packages Mimic as Popular Nethereum Project to Steal Wallet Keys

PhantomRaven attack floods npm with credential-stealing packages

PhantomRaven attack floods npm with credential-stealing packages

Open VSX rotates access tokens used in supply-chain malware attack

Open VSX rotates access tokens used in supply-chain malware attack

Microsoft 365 Copilot Prompt Injection Vulnerability Allows Attackers to Exfiltrate Sensitive Data

Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack

Malicious NPM packages fetch infostealer for Windows, Linux, macOS

Malicious NPM packages fetch infostealer for Windows, Linux, macOS

700+ Malicious Android Apps Abusing NFC Relay to Exfiltrate Banking Login Credentials

Les derniers communiqués