CyberSecurity news


@cloudnativenow.com //
References: Docker, BetaNews, Techzine Global ...
Docker, Inc. has unveiled Docker Hardened Images (DHI), a new offering designed to enhance software supply chain security for application development teams. These curated container images are built to be secure, minimal, and production-ready, providing a trusted foundation for developers working across multiple Linux distributions, including Alpine and Debian. DHI aims to address the growing challenges of securing container dependencies by providing enterprise-grade images with built-in security features.

DHI is integrated directly into Docker Hub, making it easily accessible to developers. Docker Hardened Images are designed so that containers cannot run as root, which is an important security consideration. Each curated container image has been digitally signed and complies with the Supply Chain Levels for Software Artifacts (SLSA) framework defined by Google and the Open Source Security Foundation (OpenSSF). Several partners, including Cloudsmith, GitLab, Grype, JFrog, Microsoft, Neo4j, NGINX, Sonatype, Sysdig and Wiz, are also providing hardened container images of their software.

The focus of DHI is on practicality and seamless integration into existing developer workflows. Docker is committed to making software supply chain security more accessible and actionable. DHI offers platform engineers a scalable way to manage secure, compliant images with full control over policies and provenance. DHI containers include SBOMs, VEX statements, digital signatures, and SLSA Build Level 3 attestations for full provenance and transparency.

References:
  • Docker: Introducing Docker Hardened Images: Secure, Minimal, and Ready for Production
  • BetaNews: Docker introduces Hardened Images to boost supply chain security
  • cloudnativenow.com: Docker, Inc. Adds Curated Hardened Container Images to Hub
  • Techzine Global: Docker launches Hardened Images for enhanced security

TIGR Threat@Security Risk Advisors //
A supply chain attack has successfully compromised the 'rand-user-agent' npm package, injecting obfuscated code designed to activate a remote access trojan (RAT) on unsuspecting users' systems. This JavaScript library, used for generating randomized user-agent strings beneficial for web scraping and automated testing, has been averaging 45,000 weekly downloads despite being deprecated. The malicious activity was detected by an automated malware analysis pipeline on May 5, 2025, which flagged the [email protected] version for containing unusual code indicative of a supply chain attack.

The injected RAT was designed to establish a persistent connection with a command and control (C2) server at http://85.239.62[.]36:3306. Upon activation, the RAT transmits critical machine identification data, including hostname, username, operating system type, and a generated UUID, enabling attackers to uniquely identify and manage compromised systems. Once connected, the RAT listens for commands from the C2 server, allowing attackers to manipulate the file system, execute arbitrary shell commands, and exfiltrate data from affected systems.

Researchers at Aikido noted that threat actors exploited the package's semi-abandoned but still popular status to inject malicious code into unauthorized releases. The compromised versions of the package were promptly removed from the npm repository. Users are advised to check their systems for any installations of the compromised package and implement robust security practices to mitigate the risk of similar supply chain attacks. This incident underscores the critical importance of vigilant monitoring and dependency management in software development to protect against supply chain vulnerabilities.
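One way to act on the advice to check systems for installations of the compromised package, as an added example that is not part of the advisory or of Aikido's tooling: enumerate every copy of a named package recorded in a project's package-lock.json (both the nested v1 layout and the flat v2/v3 "packages" map), so the installed versions can be compared against the affected versions the vendor published. The lockfile and its version strings below are constructed.

```javascript
// Added example, not part of the original advisory: enumerate every installed copy of a
// named npm package from a package-lock.json, so the versions can be compared with an
// advisory. Handles lockfileVersion 1 (nested "dependencies") and 2/3 (flat "packages").
const NM = 'node_modules/';

function findInstalledVersions(lock, packageName) {
  const hits = [];
  const record = (path, meta) =>
    hits.push({ path, version: meta.version || null, resolved: meta.resolved || null });
  if (lock.packages) {
    // v2/v3: keys are install paths such as "node_modules/a/node_modules/b"; "" is the root project
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === '' || !meta) continue;
      const name = meta.name || path.slice(path.lastIndexOf(NM) + NM.length); // aliases carry "name"
      if (name === packageName) record(path, meta);
    }
  } else if (lock.dependencies) {
    // v1: the tree is nested, so walk it recursively and rebuild the install path
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps)) {
        const path = `${prefix}${NM}${name}`;
        if (name === packageName) record(path, meta);
        if (meta.dependencies) walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, '');
  }
  return hits;
}

// Constructed sample lockfile (v3). Version strings are made up; take affected versions from the advisory.
const SAMPLE_LOCK_V3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'scraper-app', version: '1.0.0' },
    'node_modules/rand-user-agent': { version: '9.9.9', resolved: 'https://registry.npmjs.org/rand-user-agent/-/rand-user-agent-9.9.9.tgz' },
    'node_modules/scraper-kit': { version: '3.1.0' },
    'node_modules/scraper-kit/node_modules/rand-user-agent': { version: '1.2.3' },
  },
};

function main() {
  for (const h of findInstalledVersions(SAMPLE_LOCK_V3, 'rand-user-agent')) {
    console.log(`${h.path} @ ${h.version}`);
  }
}
if (typeof require !== 'undefined' && require.main === module) main();
```

Transitive copies nested under another dependency are reported with their full install path, which is the case a top-level `package.json` check misses.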

References:
  • bsky.app: A threat actor has compromised the rand-user-agent JavaScript library and released a malicious version containing a remote access trojan.
  • BleepingComputer: An npm package named 'rand-user-agent' has been compromised in a supply chain attack to inject obfuscated code that activates a remote access trojan (RAT) on the user's system.
  • The DefendOps Diaries: Understanding the Supply Chain Attack on 'rand-user-agent' npm Package
  • Secure Bulletin: Malicious npm packages hijack macOS Cursor AI IDE
  • Security Risk Advisors: Malicious npm Packages Target macOS Cursor Editor and Cryptocurrency Users in Coordinated Supply Chain Attacks
  • The Hacker News: Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
  • Security Risk Advisors: RATatouille RAT Discovered in Compromised rand-user-agent NPM Package Affecting Thousands of Weekly Downloads
  • socket.dev: Malicious #npm packages targeting #Cursor editor and #crypto users steal credentials and execute remote code. #cybersecurity #supplychain

@aithority.com //
Cloudflare is significantly enhancing its platform for AI agent development, introducing new tools and features aimed at accelerating the creation and deployment of these autonomous systems. The company's Developer Week kicked off with the announcement of several advancements building upon the Agents SDK JavaScript framework released in February. These include an industry-first remote Model Context Protocol (MCP) server, generally available durable Workflows, and a free tier for Durable Objects. These advancements are designed to drastically reduce the time it takes to build sophisticated AI agents, making the technology more accessible and affordable for developers.

Cloudflare's focus centers on the Model Context Protocol (MCP), an open standard that enables AI agents to interact directly with external services, shifting them from merely providing instructions to actively completing tasks. The newly introduced remote MCP server removes the previous limitation of running MCP locally, opening the door to wider adoption. Furthermore, Cloudflare is providing new Agents SDK capabilities to build remote MCP clients, with transport and authentication built in, to allow AI agents to connect to external services. This also includes integrations with Stytch, Auth0, and WorkOS to add authentication and authorization to a remote MCP server.

The company's new tools address key challenges in AI agent development by simplifying integrations, managing client lifecycles, and assigning granular permissions. Stytch and Cloudflare have also partnered to secure Remote MCP servers with OAuth. This partnership solves the challenge of robust authorization for AI agents, enabling Remote MCP authorization via OAuth. By addressing these challenges, Cloudflare is positioning itself as a leading platform for building and scaling agentic AI, lowering the barrier to entry for developers and unlocking new possibilities for AI-driven automation.

References:
  • Cloudflare: Cloudflare delivers toolkit for AI agents with new Agents SDK support for MCP (Model Context Protocol) clients, authentication/authorization/hibernation for MCP servers and Durable Objects free tier.
  • aithority.com: Cloudflare Accelerates AI Agent Development With The Industry’s First Remote MCP Server
  • techstrong.ai: Solo.io Adds MCP Gateway to Open Source API Management Platform
  • blog.cloudflare.com: Cloudflare delivers toolkit for AI agents with new Agents SDK support for MCP (Model Context Protocol) clients, authentication/authorization/hibernation for MCP servers and Durable Objects free tier.
  • The Cloudflare Blog: Piecing together the Agent puzzle: MCP, authentication & authorization, and Durable Objects free tier

Ddos@Daily CyberSecurity //
The North Korean Lazarus APT group has expanded its malicious activities within the npm ecosystem, deploying eleven new packages designed to deliver the BeaverTail malware and a new remote access trojan (RAT) loader. These malicious packages had been downloaded over 5,600 times before their removal, posing a significant risk to developer systems. The threat actors are using previously identified aliases, as well as newly created accounts, to distribute these packages.

The campaign, dubbed "Contagious Interview," aims to compromise developer systems, steal sensitive credentials or financial assets, and maintain access to compromised environments. To evade detection, the attackers are employing hexadecimal string encoding and other obfuscation techniques. Some of the packages, such as "events-utils" and "icloud-cod," are linked to Bitbucket repositories, while others use command-and-control (C2) addresses previously associated with Lazarus Group campaigns, indicating the scale and coordination of this operation.

Cybersecurity researchers are urging developers to be vigilant and carefully review all dependencies before installing them. The North Korean threat actors continue to create new npm accounts and deploy malicious code across platforms like the npm registry, GitHub, and Bitbucket, demonstrating their persistence and showing no signs of slowing down. This campaign highlights the increasing sophistication of supply chain attacks and the need for robust security measures to protect against such threats.
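The campaign's use of hexadecimal string encoding is something a dependency reviewer can surface mechanically. The following is an added review aid, not code from the article or from the researchers it cites: it scans a JavaScript source for string literals built from `\xNN` escapes or from long hex-digit runs passed to a `'hex'` decoder, decodes them, and returns them for human inspection. The sample source is constructed and harmless.

```javascript
// Added example (not from the original article): find hex-encoded string literals in a
// JavaScript source file and decode them, so a reviewer can read what an obfuscated
// dependency actually contains. Output is for human review, not an automatic verdict.

// Quoted literals made of \xNN escapes, e.g. '\x68\x74\x74\x70' (at least four bytes)
const HEX_ESCAPE_LITERAL = /(["'`])((?:\\x[0-9a-fA-F]{2}){4,})\1/g;
// Long hex-digit runs handed to a decoder, e.g. Buffer.from("687474...", "hex")
const HEX_DIGIT_LITERAL = /(["'])([0-9a-fA-F]{16,})\1\s*,\s*["']hex["']/g;

function decodeEscapes(s) {
  return s.replace(/\\x([0-9a-fA-F]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

function decodeHexDigits(h) {
  return Buffer.from(h, 'hex').toString('utf8');
}

// One finding per encoded literal: byte offset in the source, encoding style, decoded text.
function findHexEncodedStrings(source) {
  const findings = [];
  for (const m of source.matchAll(HEX_ESCAPE_LITERAL)) {
    findings.push({ offset: m.index, kind: 'escape', decoded: decodeEscapes(m[2]) });
  }
  for (const m of source.matchAll(HEX_DIGIT_LITERAL)) {
    findings.push({ offset: m.index, kind: 'hexdigits', decoded: decodeHexDigits(m[2]) });
  }
  return findings.sort((a, b) => a.offset - b.offset);
}

// Constructed sample: benign code written the way such packages hide their strings.
const SAMPLE = [
  "const h = '\\x68\\x74\\x74\\x70\\x3a\\x2f\\x2f\\x65\\x78\\x61\\x6d\\x70\\x6c\\x65\\x2e\\x63\\x6f\\x6d';",
  "const c = Buffer.from('6368696c645f70726f63657373', 'hex').toString();",
  "console.log(h, c);",
].join('\n');

function main() {
  for (const f of findHexEncodedStrings(SAMPLE)) {
    console.log(`offset ${f.offset} [${f.kind}] -> ${JSON.stringify(f.decoded)}`);
  }
}
if (typeof require !== 'undefined' && require.main === module) main();
```

Decoded values that name a URL or a module such as `child_process` in an install-time script are exactly the lines worth reading before a package is trusted.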

References:
  • Security Risk Advisors: Socket Research Team's report
  • The Hacker News: North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
  • ciso2ciso.com: North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages – Source: thehackernews.com
  • Talkback Resources: North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages [net] [mal]
  • securityonline.info: Lazarus Group Expands Malicious Campaign on npm, Targets Developers with New Malware
  • www.scworld.com: Malicious npm packages, BeaverTail malware leveraged in new North Korean attacks
  • Cyber Security News: North Korean cyber threat actors, Lazarus Group, have escalated their supply chain attack tactics by introducing a series of malicious npm (Node Package Manager) packages.
  • cyberpress.org: North Korean cyber threat actors, Lazarus Group, have escalated their supply chain attack tactics by introducing a series of malicious npm (Node Package Manager) packages. Utilizing sophisticated hexadecimal encoding to camouflage their code and evade detection systems, the group aims to compromise developer systems, steal sensitive credentials, and maintain persistent access to targeted environments.
  • Chris Wysopal: Infosec.Exchange post on new supply chain NPM package malware attacks found.