A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has ...

Microsoft Disrupts Malware-Signing Service Used by Ransomware Gangs

Microsoft disrupted Fox Tempest, a malware-signing service accused of abusing Azure certificates to disguise ransomware and ...
Decrypt

Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.
Microsoft

Exposing Fox Tempest: A malware-signing service operation

Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other ...

New Shai-Hulud malware wave compromises 600 npm packages

Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a ...

Leaked Shai-Hulud malware fuels new npm infostealer campaign

The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected ...
SecurityWeek

First Shai-Hulud Worm Clones Emerge

A threat actor started using the Shai-Hulud worm in attacks only days after the malware’s source code was released.
IEEE

MalPDT: Backdoor Attack Against Static Malware Detection With Plug-and-Play Dynamic Triggers

Abstract: The Deep Neural Network (DNN) based detection model’s dependency on third-party crowdsourced sources poses a new security threat from backdoor attacks against malware detectors. Attackers ...
IEEE

A Systematic Review on Detection, Repair, and Explanation of Vulnerabilities in Source Code Using Large Language Models

Abstract: Software vulnerabilities pose critical risks to the security and reliability of modern systems, requiring effective detection, repair, and explanation techniques. Large Language Models (LLMs ...