4 matches found
Malicious code in @marketfront/baobabtech (npm)
The @marketfront/baobabtech package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files
The Russian government and IT organizations are the target of a new campaign that delivers a number of backdoors and trojans as part of a spear-phishing campaign codenamed EastWind. The attack chains are characterized by the use of RAR archive attachments containing a Windows shortcut LNK file...
Digital Bazaar Forge Data Forgery Issue Vulnerability
Digital Bazaar Forge is a native implementation of Tls in Javascript and an open source tool for writing encryption-based and network-intensive Web applications from Digital Bazaar, Inc. digitalbazaar Forge versions prior to 1.3.0 are vulnerable to a data forgery issue that originates from RSA PK...
Massive ransomware attack forces authorities to use typewriters
By Waqas The ransomware attack also forced employees to use hand receipts. Two municipalities in Alaska one town and one borough to be precise have become victims of sophisticated encryption-based malware ransomware attack. Reportedly, the Matanuska-Susitna Mat Su and the City of Valdez have both...