4 matches found
Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign
In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. Learn more Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The...
Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft
In this article 1. Attack chain overview 1. Technical analysis 2. How GitHub took action to prevent further harm 2. Mitigation and protection guidance 1. Microsoft Defender XDR Detections 2. Microsoft Defender XDR Threat analytics 3. Advanced hunting 4. Indicators of Compromise IOC 3. References ...
Exploit for Embedded Malicious Code in Tanstack Tanstack\/Arktype-Adapter
TanStack Supply Chain Compromise - IOC Checker bash curl -...
Google Expands Its Bug Bounty Program to Tackle Artificial Intelligence Threats
Google has announced that it's expanding its Vulnerability Rewards Program VRP to compensate researchers for finding attack scenarios tailored to generative artificial intelligence AI systems in an effort to bolster AI safety and security. "Generative AI raises new and different concerns than...