X-Industry

A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by using obfuscated JavaScript to slip past security defenses. The campaign's impact has targeted various industries, with manufacturing companies, retail firms, and government agencies being the most affected. Malicious emails often impersonate official tax documents, using the urgency of personal income tax filings to trick users into downloading the malware.

See:  https://r

Recently, cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks.  "Attackers can leverage these entry points to execute malicious code when specific commands are run, posing a widespread risk in the open-source landscape," Checkmarx researchers Yehuda Gelb and Elad Rapaport said in a report.[1]

The software supply chain security company noted

A new deceptive campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an aim to steal passwords from developers.  The malicious code exfiltrates the GitHub project's defined secrets to a malicious C2 server and modify any existing javascript files in the attacked project with a web-form password-stealer malware code effecting any end-user submitting its password in a web form.  The malware is also designed to capture GitHub

Cybersecurity researchers have discovered new malicious packages on the npm package registry that are designed to exfiltrate sensitive developer information.  The npm registry is a public database of JavaScript packages that developers use to contribute packages to the community or download packages for their own projects.  The default npm public registry is found at https://registry.npmjs.org. npm is configured to use this registry by default, but it can be configured to use any compatible regi