Supply Chain Attack
GitHub Action hack likely led to another in cascading supply chain attack
A cascading supply chain attack that began with the compromise of the “reviewdog/action-setup@v1” GitHub Action is believed to have led to the recent breach of “tj-actions/changed-files” that leaked CI/CD secrets. Last week, a supply chain attack on the tj-actions/changed-files GitHub Action caused malicious code to write CI/CD secrets to the workflow logs for 23,000 repositories. If those […]
Supply chain attack on popular GitHub Action exposes CI/CD secrets
A supply chain attack on the widely used ‘tj-actions/changed-files’ GitHub Action, used by 23,000 repositories, potentially allowed threat actors to steal CI/CD secrets from GitHub Actions build logs. The GitHub Action is a very popular automation tool designed for GitHub Actions workflows. It allows developers to identify files changed in a pull request or commit […]
North Korean Lazarus hackers infect hundreds via npm packages
Six malicious packages have been identified on npm (Node package manager) linked to the notorious North Korean hacking group Lazarus. The packages, which have been downloaded 330 times, are designed to steal account credentials, deploy backdoors on compromised systems, and extract sensitive cryptocurrency information. The Socket Research Team discovered the campaign, which linked it to previously […]
Silk Typhoon hackers now target IT supply chains to breach networks
Microsoft warns that Chinese cyber-espionage threat group ‘Silk Typhoon’ has shifted its tactics, now targeting remote management tools and cloud services in supply chain attacks that give them access to downstream customers. The tech giant has confirmed breaches across multiple industries, including government, IT services, healthcare, defense, education, NGOs, and energy. “They [Silk Typhoon] exploit […]
Microsoft spots XCSSET macOS malware variant used for crypto theft
A new variant of the XCSSET macOS modular malware has emerged in attacks that target users’ sensitive information, including digital wallets and data from the legitimate Notes app. The malware is typically distributed through infected Xcode projects. It has been around for at least five years and each update represents a milestone in XCSSET’s development. The current […]
DeepSeek AI tools impersonated by infostealer malware on PyPI
Threat actors are taking advantage of the rise in popularity of the DeepSeek to promote two malicious infostealer packages on the Python Package Index (PyPI), where they impersonated developer tools for the AI platform. The packages were named “deepseeek” and “deepseekai” after the Chinese artificial intelligence startup, developer of the R1 large-language model that recently saw […]
Solana Pump.fun tool DogWifTool compromised to drain wallets
Hackers have compromised the Windows version of the DogWifTools software for promoting meme coins on the Solana blockchain in a supply-chain attack that drained users’ wallets. The developers claim that a malicious threat actor compromised the project’s private GitHub repository after reverse engineering the software to extract a GitHub token. The maintainers of the platform said […]
IPany VPN breached in supply-chain attack to push custom malware
South Korean VPN provider IPany was breached in a supply chain attack by the “PlushDaemon” China-aligned hacking group, who compromised the company’s VPN installer to deploy the custom ‘SlowStepper’ malware. The hackers managed to infiltrate IPany’s development platform and insert its custom ‘SlowStepper’ backdoor on its installer (‘IPanyVPNsetup.exe’), which infected customer systems when the VPN was […]
New details reveal how hackers hijacked 35 Google Chrome extensions
New details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at least thirty-five extensions to inject data-stealing code, including those from cybersecurity firm Cyberhaven. Although initial reports focused on Cyberhaven’s security-focused extension, subsequent investigations revealed that the same code had been injected into at least 35 extensions collectively used by […]
Cybersecurity firm’s Chrome extension hijacked to steal users’ data
At least five Chrome extensions were compromised in a coordinated attack where a threat actor injected code that steals sensitive information from users. One attack was disclosed by Cyberhaven, a data loss prevention company that alerted its customers of a breach on December 24 after a successful phishing attack on an administrator account for the Google Chrome store. […]