Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines

Updated: Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios ...
SecurityWeek

Axios NPM Package Breached in North Korean Supply Chain Attack

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.
Bleeping Computer

Cracked macOS apps drain wallets using scripts fetched from DNS records

Hackers are using a stealthy method to deliver to macOS users information-stealing malware through DNS records that hide malicious scripts. The campaign appears directed at users of macOS Ventura and ...
Bleeping Computer

Plugins on WordPress.org backdoored in supply chain attack

A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts with administrative privileges on websites running ...