malicious
-
Blog
GitHub projects targeted with malicious commits to frame researcher
GitHub projects have been targeted with malicious commits and pull requests, in an attempt to inject backdoors into these projects. Most recently, the GitHub repository of Exo Labs, an AI and machine learning startup, was targeted in the attack, which has left many wondering about the attacker’s true intentions. ‘Innocent looking PR’ caught injecting backdoor On Tuesday, Alex Cheema, co-founder of EXO Labs warned everyone…
Read More » -
Blog
Malicious PyPI package with 37,000 downloads steals AWS keys
A malicious Python package named ‘fabrice’ has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers. According to application security company Socket, the package has been downloaded more than 37,000 times and executes platform-specific scripts for Windows and Linux. The large number of downloads is accounted by fabrice typosquatting the legitimate SSH remote server…
Read More » -
Blog
Hackers are stepping up ‘qishing’ attacks by hiding malicious QR codes in PDF email attachments
Hackers are refining their ‘qishing’ techniques by hiding malicious QR codes in PDF documents attached to emails impersonating major organizations. New research from Barracuda Networks highlighted the rapid evolution of qishing attacks – a social engineering technique that uses QR codes to redirect users to phishing pages – which has grown over the last three months. Threat intelligence researchers at…
Read More »