One of the follow-on payloads pushed to about a dozen organizations was what Kaspersky described as a “minimalistic backdoor.” It […]
Category: supply chain attack
Malicious packages for dYdX cryptocurrency exchange empties user wallets
Open source packages published on the npm and PyPI repositories were laced with code that stole wallet credentials from dYdX […]
Hundreds of e-commerce sites hacked in supply-chain attack
Hundreds of e-commerce sites, at least one owned by a large multinational company, were backdoored by malware that executes malicious […]
Large enterprises scramble after supply-chain attack spills their secrets
Skip to content tj-actions/changed-files, corrupted to run credential-stealing memory scraper. Open-source software used by more than 23,000 organizations, some of […]
Go Module Mirror served backdoor to devs for 3+ years
A mirror proxy Google runs on behalf of developers of the Go programming language pushed a backdoored package for more […]