CyberSecurity news
FlagThis - #developers
|
@gbhackers.com
//
The rise of AI-assisted coding is introducing new security challenges, according to recent reports. Researchers are warning that the speed at which AI pulls in dependencies can lead to developers using software stacks they don't fully understand, thus expanding the cyber attack surface. John Morello, CTO at Minimus, notes that while AI isn't inherently good or bad, it magnifies both positive and negative behaviors, making it crucial for developers to maintain oversight and ensure the security of AI-generated code. This includes addressing vulnerabilities and prioritizing security in open source projects.
Kernel-level attacks on Windows systems are escalating through the exploitation of signed drivers. Cybercriminals are increasingly using code-signing certificates, often fraudulently obtained, to masquerade malicious drivers as legitimate software. Group-IB research reveals that over 620 malicious kernel-mode drivers and 80-plus code-signing certificates have been implicated in campaigns since 2020. A particularly concerning trend is the use of kernel loaders, which are designed to load second-stage components, giving attackers the ability to update their toolsets without detection. A new supply-chain attack, dubbed "slopsquatting," is exploiting coding agent workflows to deliver malware. Unlike typosquatting, slopsquatting targets AI-powered coding assistants like Claude Code CLI and OpenAI Codex CLI. These agents can inadvertently suggest non-existent package names, which malicious actors then pre-register on public registries like PyPI. When developers use the AI-suggested installation commands, they unknowingly install malware, highlighting the need for multi-layered security approaches to mitigate this emerging threat.
Share:
References :
Classification:
@cloudnativenow.com
//
Docker, Inc. has unveiled Docker Hardened Images (DHI), a new offering designed to enhance software supply chain security for application development teams. These curated container images are built to be secure, minimal, and production-ready, providing a trusted foundation for developers working across multiple Linux distributions, including Alpine and Debian. DHI aims to address the growing challenges of securing container dependencies by providing enterprise-grade images with built-in security features.
DHI is integrated directly into Docker Hub, making it easily accessible to developers. Docker Hardened Images are designed to prevent them from being able to run at root, which is an important security consideration. Each curated container image has been digitally signed and complies with the Supply Chain Levels for Software Artifacts (SLSA) framework defined by Google and the Open Source Security Foundation (OpenSSF). Several partners, including Cloudsmith, GitLab, Grype, JFrog, Microsoft, Neo4j, NGINX, Sonatype, Sysdig and Wiz, are also providing hardened container images of their software. The focus of DHI is on practicality and seamless integration into existing developer workflows. Docker is committed to making software supply chain security more accessible and actionable. DHI offers platform engineers a scalable way to manage secure, compliant images with full control over policies and provenance. DHI containers include SBOMs, VEX statements, digital signatures, and SLSA Build Level 3 attestations for full provenance and transparency.
Share:
References :
Classification:
TIGR Threat@Security Risk Advisors
//
A supply chain attack has successfully compromised the 'rand-user-agent' npm package, injecting obfuscated code designed to activate a remote access trojan (RAT) on unsuspecting users' systems. This JavaScript library, used for generating randomized user-agent strings beneficial for web scraping and automated testing, has been averaging 45,000 weekly downloads despite being deprecated. The malicious activity was detected by an automated malware analysis pipeline on May 5, 2025, which flagged the [email protected] version for containing unusual code indicative of a supply chain attack.
The injected RAT was designed to establish a persistent connection with a command and control (C2) server at http://85.239.62[.]36:3306. Upon activation, the RAT transmits critical machine identification data, including hostname, username, operating system type, and a generated UUID, enabling attackers to uniquely identify and manage compromised systems. Once connected, the RAT listens for commands from the C2 server, allowing attackers to manipulate the file system, execute arbitrary shell commands, and exfiltrate data from affected systems. Researchers at Aikido noted that threat actors exploited the package's semi-abandoned but still popular status to inject malicious code into unauthorized releases. The compromised versions of the package were promptly removed from the npm repository. Users are advised to check their systems for any installations of the compromised package and implement robust security practices to mitigate the risk of similar supply chain attacks. This incident underscores the critical importance of vigilant monitoring and dependency management in software development to protect against supply chain vulnerabilities.
Share:
References :
Classification:
|