Posts by Tag: malware
all of the articles we have posted and linked so far under the tag: malware
Megalodon: 5,561 Repos Swallowed in Six Hours
TLDR and details on the Megalodon supply chain attack mass-backdooring GitHub repositories via malicious CI/CD workflow commits.
GitHub: The Extension That Opened the Vault
TLDR and impact summary for the GitHub internal repository breach caused by a malicious VS Code extension installed by a GitHub developer.
Mini Shai-Hulud: 639 Packages Deep and Still Burrowing
TLDR and affected package summary for the latest wave of the Mini Shai-Hulud npm supply-chain campaign targeting antv and echarts-for-react.
Nx Console: One Stolen Token, One Poisoned Marketplace
TLDR and affected version summary for the Nx Console VS Code extension compromise via a contributor's leaked GitHub PAT.
VoidStealer: Reaching Past Chrome's Encryption
TLDR and details on VoidStealer, an infostealer bypassing Chrome's App-Bound Encryption to extract credentials and session data.
Shadow Supply: The Package That Stole Your Secrets
TLDR and affected version summary for the node-ipc npm supply-chain compromise.
Mini Shai-Hulud: The Package That Crawled Through CI
TLDR and affected package summary for the Mini Shai-Hulud npm and PyPI supply-chain campaign.