A cybersecurity researcher, delving into the depths of a malicious Python package, suddenly finds themselves in the crosshairs of the very hacker they were tracking. What starts as a pursuit of understanding harmful code evolves into a strategic battle of
Happy New Year! What a way to open 2024! NPM user account gdi2290, aka PatrickJS, published a troll campaign to the NPM registry by uploading a package named “everything”, which relies on every other public NPM package, resulting in millions of transitive dependencies. This
In early December, a number of malicious Python packages captured our attention, not just because of their malicious nature, but for the cleverness of their deployment strategy. The threat actors behind these packages deviated from conventional tactics, introducing a nuanced
In an alarming development for the cryptocurrency community, the Ledger Connect Kit, has fallen victim to a sophisticated supply chain attack, resulting in the redirection of users’ crypto transactions to a wallet controlled by the attacker. The Ledger Connect Kit is
In an era where digital warfare is as impactful, if not more so, than conventional warfare, one country has been consistently evolving its cyber-attack strategies, mainly focusing on supply chain compromises. Recent investigations have uncovered North Korean state-sponsored groups carrying
HuggingFace Hub has become a go-to platform for sharing and exploring models in the world of machine learning. Recently, I embarked on a journey to experiment with various models on the hub, only to stumble upon something interesting – the
Key Points It has become commonplace for attackers to invest a significant amount of time and effort within the open-source ecosystem. Attackers, driven by malicious intent, demonstrate an extraordinary level of persistence in their pursuit of exploiting vulnerabilities in the
In the realm of software development, open-source tools and packages play a pivotal role in simplifying tasks and accelerating development processes. Yet, as the community grows, so does the number of bad actors looking to exploit it. A recent example
In the realm of cyber warfare, adversary strategies are continuously evolving. With the reliance of our digital world on open-source software, we’ve noted an escalation in the complexity of attack methods. Threat actors are architecting complicated traps within the software
Key Points During the month of September, an attacker operating under the pseudonym “kohlersbtuh15”, attempted to exploit the open-source community by uploading a series of malicious packages to the PyPi package manager. Based on the names of these packages and
©2024 Checkmarx Ltd. All Rights Reserved. iISO/IEC 27001:2013 Certified
