Mar 18, 2025Ravie LakshmananAI Security / Software Security Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code. "This technique enables hackers to silently compromise AI-generated code … [Read more...] about New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors
Malicious
Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal
Mar 15, 2025Ravie Lakshmanan Malware / Supply Chain Security Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as "time" related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens. Software supply chain security firm … [Read more...] about Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal
Malicious code in fake GitHub repositories
Can you imagine a world where, every time you wanted to go somewhere, you had to reinvent the wheel and build a bicycle from scratch? We can’t either. Why reinvent something that already exists and works perfectly well? The same logic applies to programming: developers face routine tasks every day, and instead of inventing their own wheels and bicycles (which might even be not … [Read more...] about Malicious code in fake GitHub repositories
Hackers Exploit Signal’s Linked Devices Feature to Hijack Accounts via Malicious QR Codes
Feb 19, 2025Ravie LakshmananMobile Security / Cyber Espionage Multiple Russia-aligned threat actors have been observed targeting individuals of interest via the privacy-focused messaging app Signal to gain unauthorized access to their accounts. "The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the … [Read more...] about Hackers Exploit Signal’s Linked Devices Feature to Hijack Accounts via Malicious QR Codes
How to detect malicious browser extensions using Elastic
When your CISO asks if a specific browser extension has ever been installed on any of your workstations, how quickly can you get the correct answer? Malicious browser extensions are a significant threat that many organizations have no way of managing or detecting. This blog post explores how the Elastic Infosec team uses osquery and the Elastic Stack to create a real-time … [Read more...] about How to detect malicious browser extensions using Elastic
Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection
Feb 08, 2025Ravie LakshmananArtificial Intelligence / Supply Chain Security Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. "The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning of … [Read more...] about Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection
Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access
Feb 04, 2025Ravie LakshmananVulnerability / Threat Intelligence Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems. The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate BoltDB database module … [Read more...] about Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access
GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs
Jan 27, 2025Ravie LakshmananVulnerability / Software Security Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user's Git credentials. "Git implements a protocol called Git Credential Protocol to retrieve credentials from the … [Read more...] about GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs
Thousands Download Malicious npm Libraries Impersonating Legitimate Tools
Dec 19, 2024Ravie LakshmananSupply Chain / Software Security Threat actors have been observed uploading malicious typosquats of legitimate npm packages such as typescript-eslint and @types/node that have racked up thousands of downloads on the package registry. The counterfeit versions, named @typescript_eslinter/eslint and types-node, are engineered to download a trojan and … [Read more...] about Thousands Download Malicious npm Libraries Impersonating Legitimate Tools
390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits
Dec 13, 2024Ravie LakshmananCyber Attack / Malware A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials. The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed MUT-1244 (where MUT refers … [Read more...] about 390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits