Researchers at Aikido Security uncovered a sophisticated supply‑chain malware operation that compromised at least 16 popular packages in the npm and PyPI ecosystems, affecting nearly 1,000,000 weekly downloads. In recent years, open‑source package ecosystems (npm, PyPI, RubyGems, etc.) have become a “highway” for attackers into…
Continue reading...
A malicious Python package named “disgrasya” has been discovered on Python Package Index (PyPI), used as a tool for credit card fraud. This package exploited the WooCommerce API to automate stolen card verification and reached over 34,000 downloads, highlighting a serious and widespread threat in…
Continue reading...
In a significant development, cybersecurity researchers have uncovered that MirrorFace, a threat actor group linked to China, has broadened its cyber espionage activities beyond its traditional focus on Japan. Recent findings indicate that the group targeted a diplomatic organization in the European Union, marking a…
Continue reading...
