SecurityWeek

Infostealer Malware Delivered in EmEditor Supply Chain Attack

The text and code editing tool EmEditor was targeted in a supply chain attack that resulted in the distribution of infostealer malware.
Amazon S3 on MSN

The biggest supply chain hack ever just happened safely

A recent supply chain malware attack affected popular NPM packages, potentially reaching millions of downloads in just a few ...
The Hacker News

n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens

Malicious npm packages posing as n8n community nodes were used to steal OAuth tokens by abusing trusted workflow integrations ...

Shai Hulud malware turns developers into unwitting distributors in NPM supply chain attacks

Shai Hulud is a malware campaign first observed in September targeting the JavaScript ecosystem that focuses on supply chain compromise rather than traditional endpoint infection, using trojanized ...
Morning Overview on MSN

IBM’s “Bob” AI can be tricked into running malware

IBM’s experimental coding assistant “Bob” was pitched as a way to automate routine development tasks, but security ...

New Shai Hulud 3.0 malware variant raises fresh supply chain security concerns

A newly discovered third variant of the Shai Hulud malware is raising fresh concerns about the security of the open-source software supply chain, as researchers warn that the latest version shows more ...
Bleeping Computer

Android emulator supply-chain attack targets gamers with malware

ESET researchers have discovered that the updating mechanism of NoxPlayer, an Android emulator for Windows and macOS, made by Hong Kong-based company BigNox, was compromised by an unknown threat actor ...
Threat Post

38 Android Devices Infected with Malware Preinstalled in Supply Chain

Researchers at Check Point found and remediated malware on 38 Android devices that were infected somewhere along the supply chain. Mobile devices manufactured by a diverse set of handset makers were ...