The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a highly-targeted attack against one of Coinbase's open-source projects, before evolving into something more widespread in scope. "The payload was focused on exploiting the public CI/CD flow of one of their open source projects – agentkit, probably with the purpose of leveraging it for … [Read more...] about Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories’ CI/CD Secrets Exposed
attack
New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors
Mar 18, 2025Ravie LakshmananAI Security / Software Security Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code. "This technique enables hackers to silently compromise AI-generated code … [Read more...] about New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors
Supply chain attack via GitHub Action
Attacks on open-source mostly start with publishing new malicious packages in repositories. But the attack that occurred on March 14 is in a different league — attackers compromised the popular GitHub Action tj-actions/changed-files, which is used in more than 23,000 repositories. The incident was assigned CVE-2025-30066. All repositories that used the infected changed-files … [Read more...] about Supply chain attack via GitHub Action
Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials
Mar 10, 2025Ravie LakshmananCybersecurity / Malware Cybersecurity researchers have demonstrated a novel technique that allows a malicious web browser extension to impersonate any installed add-on. "The polymorphic extensions create a pixel perfect replica of the target's icon, HTML popup, workflows and even temporarily disables the legitimate extension, making it extremely … [Read more...] about Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials
Cross-Domain Attack Defense with Intel-Led Threat Hunting
1. Initial Entry and Exploitation In the first stage of this attack, the adversary set up a command-and-control (C2-1 in Figure 1) infrastructure to launch their attack. They targeted a Linux Tomcat server, exploiting a known vulnerability to gain root access. Once inside, they conducted reconnaissance using standard tools like LDAP search to enumerate network shares and … [Read more...] about Cross-Domain Attack Defense with Intel-Led Threat Hunting
Bybit Confirms Record-Breaking $1.46 Billion Crypto Heist in Sophisticated Cold Wallet Attack
Feb 22, 2025Ravie LakshmananFinancial Crime / Cryptocurrency Cryptocurrency exchange Bybit on Friday revealed that a "sophisticated" attack led to the theft of over $1.46 billion worth of cryptocurrency from one of its Ethereum cold (offline) wallets, making it the largest ever single crypto heist in history. "The incident occurred when our ETH multisig cold wallet executed a … [Read more...] about Bybit Confirms Record-Breaking $1.46 Billion Crypto Heist in Sophisticated Cold Wallet Attack
New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution
Feb 14, 2025Ravie LakshmananVulnerability / DevOps Cybersecurity researchers have disclosed a new type of name confusion attack called whoAMI that allows anyone who publishes an Amazon Machine Image (AMI) with a specific name to gain code execution within the Amazon Web Services (AWS) account. "If executed at scale, this attack could be used to gain access to thousands of … [Read more...] about New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution
New AI Jailbreak Method ‘Bad Likert Judge’ Boosts Attack Success Rates by Over 60%
Jan 03, 2025Ravie LakshmananMachine Learning / Vulnerability Cybersecurity researchers have shed light on a new jailbreak technique that could be used to get past a large language model's (LLM) safety guardrails and produce potentially harmful or malicious responses. The multi-turn (aka many-shot) attack strategy has been codenamed Bad Likert Judge by Palo Alto Networks Unit … [Read more...] about New AI Jailbreak Method ‘Bad Likert Judge’ Boosts Attack Success Rates by Over 60%
Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack
Dec 20, 2024Ravie LakshmananMalware / Supply Chain Attack The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the discovery, versions … [Read more...] about Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack
Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign
Nov 21, 2024Ravie LakshmananVulnerability / Cyber Attack As many as 2,000 Palo Alto Networks devices are estimated to have been compromised as part of a campaign abusing the newly disclosed security flaws that have come under active exploitation in the wild. According to statistics shared by the Shadowserver Foundation, a majority of the infections have been reported in the … [Read more...] about Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign