CrowdStrike
- Self-propagating npm supply-chain attack hits at least 187 packages in ‘Shai-Hulud’ worm
Security researchers warn of a self-propagating supply-chain attack on npm that has compromised at least 187 packages in a campaign dubbed ‘Shai-Hulud.’ The worm begins with the widely used @ctrl/tinycolor package and spreads to other maintainers’ packages, using a bundle.js payload that leverages TruffleHog to exfiltrate secrets and forge GitHub Actions workflows.
- Microsoft and CrowdStrike Collaborate to Standardize Cyber Threat Actor Taxonomies
Microsoft and CrowdStrike have announced a strategic collaboration to unify their cyber threat actor taxonomies, enhancing the ability of security professionals to analyze and respond to cyber threats by reducing confusion among different aliases used for hacking groups.