Popular Topics

Topics

About

Policies

Our Network

More

Cybercrime

Cybercrime | News, how-tos, features, reviews, and videos

news

Threat actors are spreading malicious extensions via VS marketplaces

Report from Wiz also says developers are uploading extensions that include access tokens and other secrets.

By Howard Solomon
Oct 17, 2025 9 mins
Cybercrime Development Tools Malware
news

QR codes become the vehicle for malware in new technique

A newly-discovered malicious package with layers of obfuscation is disguised as a utility library, with malware essentially hiding in plain sight in embedded QR codes.

By Taryn Plumb
Sep 23, 2025 4 mins
Development Tools Malware Version Control Systems
opinion

NPM attacks and the security of software supply chains

Process improvements and a closer look at funding streams will provide far more protection for the open source software we depend on than isolated guardrails.

By Matt Asay
Sep 22, 2025 7 mins
Cyberattacks Open Source Security Practices
news

Google to add developer verification requirement for Android apps

Scheduled for rollout starting in September 2026, the program aims to restrict malware distribution by requiring developer verification for apps installed on Android devices.

By Paul Krill
Sep 2, 2025 2 mins
Malware Mobile Development Mobile Security
news

Supply chain attack compromises NPM packages to spread backdoor malware

Phishing attacks on package maintainer accounts led to infected JavaScript type testing utilities.

By John E. Dunn
Jul 24, 2025 1 min
Engineer Malware Open Source
news

GitHub hit by a sophisticated malware campaign as ‘Banana Squad’ mimics popular repos

Attackers use typo-squatting, obfuscation, and fake accounts to slip Python-based malware into open-source projects, raising fresh alarms for OSS supply chain security.

By Shweta Sharma
Jun 20, 2025 1 min
Engineer Malware Security
news

Malicious PyPI package targets Chimera users to steal AWS tokens, CI/CD secrets

“Chimera-sandbox-extensions” exploit highlights rising risks of open-source package abuse, prompting calls for stricter dependency controls and DGA malware detection.

By Shweta Sharma
Jun 17, 2025 1 min
Engineer Malware Python
news

Warning to developers: Stay away from these 10 VSCode extensions

Malicious extensions that install a cryptominer were released just as the weekend started.

By Howard Solomon
Apr 7, 2025 1 min
Development Tools Engineer Malware
news

GitHub suffers a cascading supply chain attack compromising CI/CD secrets

CISA confirms cascading attack from reviewdog to tj-actions exposed sensitive credentials across 23,000+ repositories.

By Gyana Swain
Mar 19, 2025 5 mins
Build Automation Data Breach Engineer
news

Thousands of open source projects at risk from hack of GitHub Actions tool

Researchers say compromised tool in the GitHub CI/CD environment stole credentials; infosec leaders need to act immediately.

By Howard Solomon
Mar 17, 2025 5 mins
Data Breach Version Control Systems Vulnerabilities