Open Source

News

F-Droid project threatened by Google’s new dev registration rules

F-Droid is warning that the project could reach an end due to Google’s new requirements for all Android developers to ve...
News

Malicious Rust packages on Crates.io steal crypto wallet keys

Two malicious packages with nearly 8,500 downloads in Rust's official crate repository scanned developers' systems to st...
News

GitHub tightens npm security with mandatory 2FA, access tokens

GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale in...
News

NPM package caught using QR Code to fetch cookie-stealing malware

Newly discovered npm package 'fezbox' employs QR codes to retrieve cookie-stealing malware from the threat actor's serve...
News

New EDR-Freeze tool uses Windows WER to suspend security software

A new method and proof-of-concept tool called EDR-Freeze demonstrates that evading security solutions is possible from u...
News

Defending against malware persistence techniques with Wazuh

Malware persistence techniques enable attackers to maintain access to compromised endpoints despite system reboots, cred...
News

60 malicious Ruby gems downloaded 275,000 times steal credentials

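Since March 2023, 60 malicious Ruby gems containing credential-stealing code have been downloaded more than 275,000 times, targeting developer accounts. These malicious Ruby gems were discovered by Socket and primarily Instagr...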
News

CISA open-sources Thorium platform for malware, forensic analysis

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today announced the public availability of Thorium, an ...
News

npm ‘accidentally’ removes Stylus package, breaks builds and pipelines

npm has taken down all versions of the real Stylus library and replaced them with a "security holding" page, breaking pi...
News

Popular npm linter packages hijacked via phishing to drop malware

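This week, popular JavaScript libraries were hijacked and turned into malware droppers in a supply chain attack carried out through targeted phishing and credential theft. The npm package eslint-config-prettier, at 30 million weekly...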