Open Source
-
Nx supply-chain attack: Malicious npm packages exfiltrate credentials and tokens
Security researchers say a supply-chain attack on the Nx build system led to malicious nx npm packages that exfiltrated credentials and tokens. The breach was tied to a vulnerable PR workflow and elevated GitHub permissions, prompting widespread token rotation and intensified vendor-targeted remediation.
-
North Korea’s Lazarus Group Shifts Tactics; Canadian City Faces Major Security Costs
North Korea’s Lazarus Group has reportedly transitioned to tactics involving the distribution of malware-laden open-source software, raising concerns over cybersecurity. Meanwhile, the city of Hamilton has incurred major costs due to a significant ransomware attack amid a slow rollout of security measures, while ethical hackers eye substantial rewards in the upcoming Pwn2Own competition. Additionally, CISA…
-
Urgent Measures Required as Samsung MagicINFO 9 Server Vulnerability Under Attack
A critical vulnerability in the Samsung MagicINFO 9 Server is being actively exploited by hackers to execute remote code and deploy malware, emphasizing the urgent need for system upgrades.
-
Major Vulnerabilities Discovered in Apple’s AirPlay: Millions At Risk
A new report reveals critical vulnerabilities in Apple’s AirPlay that threaten billions of devices. Cybersecurity firm Oligo has identified numerous weaknesses that could enable unauthorized control, data theft, and communication interception, calling for immediate action from users and manufacturers.
-
Cloudflare Open-Sources OPKSSH to Enhance SSH Management with Single Sign-On Integration
Cloudflare has announced the open-sourcing of OPKSSH, a tool that integrates single sign-on technologies into SSH management, enhancing security and user convenience by replacing long-lived SSH keys with ephemeral keys generated on demand.





