Open source software developers continue to come under attack, with the latest threat being a custom malware that shares many of the attributes of the notorious Shai-Hulud self-propagating worm but comes with functions that make it more difficult for defenders to detect and to reverse engineer. Dubbed “IronWorm,” the infostealer is built in the Rust […]
WhiteCobra Targets Developers with Dozens of Malicious Extensions
A threat group is dropping two dozen malicious extensions into the VSCode and Open VSX marketplaces, targeting developers using the VSCode, Cursor, and Windsurf source code editing tools with the goal of draining cryptocurrency wallets. Researchers with security firm Koi Security have been tracking WhiteCobra’s activities for more than a year as the bad actors […]
Checkmarx Surfaces Malicious Effort to Compromise Software Supply Chains
Checkmarx reported this week that it has discovered malicious software packages that inject malware capable of bypassing endpoint security to exfiltrate data and that also provide persistent remote access to, and control of, desktops and servers.
More Than 3,000 ‘Ghost’ Accounts Spreading Malware on GitHub
GitHub and similar open-source code and project repositories have become a common target of cybercriminals looking to lure developers into unknowingly downloading malicious scripts.
3 Lessons in Network Visibility from the A-List
The network can be host to multiple performance killers. Here are three worth noting. Like Ed Sheeran as a secret stormtrooper in “Star Wars: The Rise of Skywalker,” some cameos are hard to spot. They can appear out of nowhere halfway through the film or remain a complete mystery until behind-the-scenes footage reveals the masked […]
Why Your Software Supply Chain Might Be Your Achilles Heel
Historically, cybercriminals are as lazy as they are innovative. They can come up with clever exploits and attack vectors, but they still generally focus on the low-hanging fruit in the most target-rich environments. Recently, attackers seem to have shifted focus away from directly targeting companies with strong security or a wealth of resources, instead going […]






