FlagThis

CyberSecurity updates
2024-12-26 16:40:32 Pacfic
MalBot @ Malware Analysis, News and Indicators
Supply Chain Attack on Open Source Packages - 5d
Read more: malware.news

A supply chain attack has compromised open-source packages associated with rspack and vant, injecting cryptomining malware. The compromised packages had hundreds of thousands of weekly downloads, posing a significant threat to users of these projects. The affected version is 1.1.7. This event underscores the growing threat of supply chain attacks targeting open-source software projects. The vulnerability emphasizes the need for stronger security protocols in open-source ecosystems and for better vetting of dependencies.

References:
  • Malware Analysis, News and Indicators - Open source in the crosshairs: New cryptomining hacks highlight key threat - 5d
  • The Hacker News - TheHackerNews article about Rspack npm packages compromised with crypto mining malware. - 5d
  • @AAKL - Socket, from yesterday: Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware More: - 5d
  • Security Risk Advisors - Supply Chain Attack on Rspack npm Packages Deploys Cryptojacking Malware - 5d
  • ReversingLabs Blog - ReversingLabs reports on cryptomining hacks in open source projects. - 5d
  • socket.dev - Open source in the crosshairs: New cryptomining hacks highlight key threat - 5d
  • Over Security - Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers. - 5d
  • Osint10x - Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack - 5d
  • Osint10x - OSINT10X reports on cryptomining hacks on open source packages. - 5d
  • @BleepingComputer - Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers. - 4d
  • Security Boulevard - OSS in the crosshairs: Cryptomining hacks highlight key new threat - 4d
  • 2024 Sonatype Blog - npm packages from Rspack, Vant compromised, blocked by Sonatype - 2d
  • @rspack - npm packages from Rspack, Vant compromised, blocked by Sonatype - 2d
  • Malware Analysis, News and Indicators - Supply chain attack compromises rspack, Vant packages with XMRig cryptominer - 2d
  • Malware Archives - Rspack Supply Chain Attack Injects Cryptojacking Malware Into npm Ecosystem - 2d
  • SCM feed for Security Strategy, Plan, Budget - Supply chain attack compromises rspack, Vant packages with XMRig cryptominer - 2d
  • osint10x.com - Supply Chain Attack Hits Rspack, Vant npm Packages with Monero Miner - 2d
  • securityonline.info - Rspack Supply Chain Attack Injects Cryptojacking Malware Into npm Ecosystem - 2d
  • Osint10x - Supply Chain Attack Hits Rspack, Vant npm Packages with Monero Miner - 2d
  • hackread.com - Supply Chain Attack Hits Popular Rspack and Vant npm Packages with Monero Miner - 1d
  • The Hacker News - Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts - 1d
  • Techzine Global - Two malicious Python packages revealed by FortiGuard Labs - 1d

Classification:

This site is an experimental news aggregator using feeds I personally follow. You can provide me feedback using this form or using Bluesky.