packages

Falcon Cloud Security Identifies AI-Driven Packages in Container Images

Mar 18, 2025 by iHash Leave a Comment

Artificial intelligence (AI) is rapidly transforming industries, but with this innovation come new security challenges as threat actors explore AI’s powerful capabilities. They’re adopting new techniques, targeting AI models, injecting malicious code into AI processes, and exploiting vulnerabilities in AI-related software packages. Malicious AI-related software packages … [Read more...] about Falcon Cloud Security Identifies AI-Driven Packages in Container Images

Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal

Mar 15, 2025 by iHash Leave a Comment

Mar 15, 2025Ravie Lakshmanan Malware / Supply Chain Security Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as "time" related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens. Software supply chain security firm … [Read more...] about Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal

Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts

Dec 24, 2024 by iHash Leave a Comment

Dec 24, 2024Ravie LakshmananMalware / Data Exfiltration Cybersecurity researchers have flagged two malicious packages that were uploaded to the Python Package Index (PyPI) repository and came fitted with capabilities to exfiltrate sensitive information from compromised hosts, according to new findings from Fortinet FortiGuard Labs. The packages, named zebo and cometlogger, … [Read more...] about Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts

Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack

Dec 20, 2024 by iHash Leave a Comment

Dec 20, 2024Ravie LakshmananMalware / Supply Chain Attack The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the discovery, versions … [Read more...] about Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack

Over 800 npm Packages Found with Discrepancies, 18 Exploitable to ‘Manifest Confusion’

Mar 21, 2024 by iHash Leave a Comment

Mar 21, 2024NewsroomSoftware Security / Open Source New research has discovered over 800 packages in the npm registry which have discrepancies from their registry entries, out of which 18 have been found to exploit a technique called manifest confusion. The findings come from cybersecurity firm JFrog, which said the issue could be exploited by threat actors to trick … [Read more...] about Over 800 npm Packages Found with Discrepancies, 18 Exploitable to ‘Manifest Confusion’

These PyPI Python Packages Can Drain Your Crypto Wallets

Mar 12, 2024 by iHash Leave a Comment

Mar 12, 2024The Hacker NewsCryptocurrency / Cybercrime Threat hunters have discovered a set of seven packages on the Python Package Index (PyPI) repository that are designed to steal BIP39 mnemonic phrases used for recovering private keys of a cryptocurrency wallet. The software supply chain attack campaign has been codenamed BIPClip by ReversingLabs. The packages were … [Read more...] about These PyPI Python Packages Can Drain Your Crypto Wallets

BlazeStealer Malware Discovered in Python Packages on PyPI

Nov 8, 2023 by iHash Leave a Comment

Nov 08, 2023NewsroomSupply Chain / Software Security A new set of malicious Python packages has slithered their way to the Python Package Index (PyPI) repository with the ultimate aim of stealing sensitive information from compromised developer systems. The packages masquerade as seemingly innocuous obfuscation tools, but harbor a piece of malware called BlazeStealer, … [Read more...] about BlazeStealer Malware Discovered in Python Packages on PyPI

Malicious NuGet Packages Caught Distributing SeroXen RAT Malware

Oct 31, 2023 by iHash Leave a Comment

Oct 31, 2023NewsroomSoftware Security / Malware Cybersecurity researchers have uncovered a new set of malicious packages published to the NuGet package manager using a lesser-known method for malware deployment. Software supply chain security firm ReversingLabs described the campaign as coordinated and ongoing since August 1, 2023, while linking it to a host of rogue NuGet … [Read more...] about Malicious NuGet Packages Caught Distributing SeroXen RAT Malware

Customize your data ingestion with Elastic input packages

Oct 1, 2023 by iHash Leave a Comment

Say hello to Julia, who works as an engineer at Ascio Innovation firm. She is currently working with Oracle Weblogic server and wants to get a set of metrics for monitoring it. She goes ahead and installs Elastic Oracle Weblogic Integration, which uses Jolokia in the backend to fetch the metrics. Now, her team wants to advance in the monitoring and has the following … [Read more...] about Customize your data ingestion with Elastic input packages

Over a Dozen PHP Packages with 500 Million Compromised

May 5, 2023 by iHash Leave a Comment

May 05, 2023Ravie LakshmananProgramming / Software Security PHP software package repository Packagist revealed that an "attacker" gained access to four inactive accounts on the platform to hijack over a dozen packages with over 500 million installs to date. "The attacker forked each of the packages and replaced the package description in composer.json with their own message … [Read more...] about Over a Dozen PHP Packages with 500 Million Compromised

JBL Flip 6 Portable Bluetooth Speaker (Open Box) for $74

Navee V25 300W Foldable e-Scooter for $299

Smart Tracker Includes Key Ring – Works with Apple Find My App (2-Pack) for $34

Harmony Premium Plan Lifetime Subscription for $99

Lenovo 11.6" 100e Chromebook 2nd Gen (2019) MediaTek MT8173C 4GB RAM 16GB eMMC (Refurbished) for $54