CrowdStrike
-
CrowdStrike and partners disrupt GlassWorm malware command channels
CrowdStrike said it and partners disrupted all command and control channels used by GlassWorm, a developer-targeting malware campaign that poisoned more than 300 GitHub repositories and used four separate infrastructure layers.
-
Self-propagating npm supply-chain attack hits at least 187 packages in ‘Shai-Hulud’ worm
Security researchers warn of a self-propagating supply-chain attack on npm that has compromised at least 187 packages in a campaign dubbed ‘Shai-Hulud.’ The worm begins with the widely used @ctrl/tinycolor package and spreads to other maintainers’ packages, using a bundle.js payload that leverages TruffleHog to exfiltrate secrets and forge GitHub Actions workflows.
-
Microsoft and CrowdStrike Collaborate to Standardize Cyber Threat Actor Taxonomies
Microsoft and CrowdStrike have announced a strategic collaboration to unify their cyber threat actor taxonomies, enhancing the ability of security professionals to analyze and respond to cyber threats by reducing confusion among different aliases used for hacking groups.
