supply chain attack

News

The biggest cybersecurity and cyberattack stories of 2025

2025 was a big year for cybersecurity, with major cyberattacks, data breaches, threat groups reaching new notoriety leve...
News

Malicious npm package steals WhatsApp accounts and messages

A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal W...
News

Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets

The second Shai-Hulud attack last week exposed around 400,000 raw secrets after infecting hundreds of packages in the NP...
News

Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub

Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been plant...
News

Google exposes BadAudio malware used in APT24 espionage campaigns

China-linked APT24 hackers have been using a previously undocumented malware called BadAudio in a three-year espionage c...
News

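New “IndonesianFoods” spammer floods npm with 150,000 packages

Article and title updated to remove the term "worm." See the update below. An automated spam payload published on npm is spamming the registry by generating new packages every seven seconds, creating large amounts of junk. This replicating payload...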
News

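GlassWorm malware returns on OpenVSX with three new VSCode extensions

The GlassWorm malware campaign, which impacted the OpenVSX and Visual Studio Code marketplaces last month, has returned with three new VSCode extensions that have already been downloaded over 10,000 times. Gla...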
News

Open VSX rotates access tokens used in supply-chain malware attack

The Open VSX registry rotated access tokens after they were accidentally leaked by developers in public repositories and...
News

PhantomRaven attack floods npm with credential-stealing packages

An active campaign named ‘PhantomRaven’ is targeting developers with dozens of malicious npm packages that steal authent...
News

GitHub tightens npm security with mandatory 2FA, access tokens

GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale in...