🚀 Sonatype Reports Surge in Open Source Malware in Early 2025
#Sonatype #OpenSourceMalware #npm #crypto #malware #softwareSecurity #cryptocurrency #Solana #VSCode #Truffle #maliciousSoftware #softwareSupplyChain #SOL
According to Foresight News, Sonatype, a company specializing in end-to-end software supply chain security, has released its Open Source Malware Index for the first quarter of 2025. The report highlights significant activities, including nearly ten incidents of npm crypto package hijackings, counterfeit VS Code Truffle packages, and malware targeting Solana developers.
The findings indicate that cryptocurrency mining software accounted for 7% of the malware detected in this period, doubling from 3.5% in the fourth quarter of 2024. This increase underscores the growing threat posed by malicious software in the open-source ecosystem.
🚀 North Korean Hackers Target Software Libraries with Malicious Code
#NorthKoreanHackers #Npm #Malware #MaliciousPackages #InfectiousInterview #Express #Hardhat #Blockchain #Web3 #Cryptocurrency #WalletSecurity #MemoryDecryption #Loader #GitHub #SupplyChainSecurity #CodeScanning #DependencyManagement #SoftwareSecurity
According to PANews, a report by U.S. cybersecurity firm Socket reveals that North Korean hackers have uploaded over 300 malicious code packages to the popular software repository npm. These packages, disguised as misspelled versions of popular libraries like express and hardhat, contain malware capable of stealing passwords and cryptocurrency wallet keys. The operation, dubbed 'Infectious Interview,' involves hackers posing as tech recruiters targeting blockchain and Web3 developers. Despite some malicious packages being removed after approximately 50,000 downloads, several remain online. Researchers traced the code patterns back to North Korean hacker groups, noting the use of memory decryption techniques in loader scripts to avoid detection. Although GitHub has enhanced verification processes and removed some malicious packages, the threat to supply chain security persists. Security experts advise development teams to treat each dependency installation as a potential code execution risk, recommending thorough scanning and verification before integration into projects.
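The item above describes packages named as misspellings of express and hardhat and advises checking dependencies before installation. As an added defensive example (not code from the original report or from Socket), the script below runs over a package.json dependency list and flags names that are within a small edit distance of a well-known package, or that reuse a well-known bare name under an unrelated scope. The list of known packages, the edit-distance threshold of 2, and the sample package.json are constructed for illustration; a real check would compare against a much larger allowlist.

```javascript
// Added example (not from the original post): flag dependency names that are
// near-misses of well-known npm packages before `npm install` runs.
// KNOWN_PACKAGES and SAMPLE_PACKAGE_JSON are constructed for illustration.

const KNOWN_PACKAGES = ["express", "hardhat", "lodash", "axios", "react", "ethers"];

// Plain Levenshtein edit distance (insert / delete / substitute, cost 1 each),
// computed with a single rolling row.
function levenshtein(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0]; // holds dp[i-1][j-1] for the current j
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j]; // dp[i-1][j] before overwrite
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(above + 1, row[j - 1] + 1, diag + cost);
      diag = above;
    }
  }
  return row[b.length];
}

// "@scope/name" -> "name"; unscoped names are returned unchanged.
function bareName(pkg) {
  return pkg.startsWith("@") ? pkg.split("/")[1] || pkg : pkg;
}

// For each dependency, report the closest known package if the name is not a
// genuine exact match and lies within `maxDistance` edits of a known name.
// A scoped package whose bare name equals a known unscoped package is reported
// with distance 0, since "@other/express" is not the "express" package.
function findTyposquats(deps, known = KNOWN_PACKAGES, maxDistance = 2) {
  const knownSet = new Set(known);
  const findings = [];
  for (const dep of Object.keys(deps)) {
    const name = bareName(dep);
    const scoped = name !== dep;
    if (!scoped && knownSet.has(name)) continue; // exact, unscoped: fine
    let best = null;
    for (const candidate of known) {
      const d = levenshtein(name, candidate);
      if (d <= maxDistance && (best === null || d < best.distance)) {
        best = { dependency: dep, lookalikeOf: candidate, distance: d };
      }
    }
    if (best) findings.push(best);
  }
  return findings;
}

// Constructed sample manifest: two genuine names, two misspellings, one scoped clone.
const SAMPLE_PACKAGE_JSON = {
  name: "constructed-sample-app",
  dependencies: {
    express: "^4.19.0",             // genuine
    expres: "^4.19.0",              // one deletion away from express
    hardhatt: "^2.22.0",            // one insertion away from hardhat
    "@evil-scope/axios": "^1.0.0",  // well-known bare name under an unrelated scope
    lodash: "^4.17.21",             // genuine
    chalk: "^5.3.0",                // unrelated name, must not be flagged
  },
};

function main() {
  const findings = findTyposquats(SAMPLE_PACKAGE_JSON.dependencies);
  for (const f of findings) {
    console.log(
      `suspicious dependency ${f.dependency}: looks like "${f.lookalikeOf}" (edit distance ${f.distance})`
    );
  }
  return findings.length;
}

main();
```

Running it prints three findings (expres, hardhatt and the scoped axios clone) and leaves express, lodash and chalk alone. The check is a pre-install gate, not a verdict: a flagged name still has to be looked up on the registry and compared against the package the team actually intended to use.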
🚀 Security Alert Issued for OpenClaw Software
#SecurityAlert #OpenClaw #SoftwareSecurity #NS3AI #InstallationGuidelines #RiskMitigation
The National Internet Emergency Center has released a security application risk alert concerning the OpenClaw software. According to NS3.AI, this alert comes after previous incidents where incorrect installation and usage of OpenClaw led to security issues. Users are advised to follow proper installation guidelines to mitigate potential risks.
🚀 Bitcoin Core Enhances Security Measures to Mitigate Supply-Chain Risks
#BitcoinCore #SecurityMeasures #SupplyChainRisks #Guix #Reproducibility #SoftwareSecurity #BTC
Bitcoin Core's build system is structured to allow independent contributors to reproduce and verify the binaries distributed on bitcoincore.org. According to NS3.AI, the project employs Guix, a tool that helps ensure reproducibility and security. By avoiding auto-updates and continuously reducing external dependencies, Bitcoin Core aims to minimize supply-chain risks, enhancing the overall security of its software.
🚀 CertiK Urges Enhanced Security Measures Following OpenClaw Report
#CyberSecurity #OpenSource #Vulnerability #CVE #GitHub #AccessControl #Sandboxing #LeastPrivilege #SoftwareSecurity #Infosec
CertiK has released a comprehensive security report on March 31, analyzing over 280 GitHub security advisories and more than 100 CVE vulnerabilities collected between November 2025 and March 2026. According to NS3.AI, the report highlights the need for developers and users to implement stricter access control, validate plugins, ensure sandbox isolation, and adopt least-privilege deployment strategies to enhance security measures.
🚀 Axios Library Compromised by Malicious Attack
#Axios #JavaScript #npm #CyberSecurity #Malware #RAT #SupplyChainAttack #macOS #Windows #Linux #SoftwareSecurity #OIDC #SLSA #Huntress #ChainCatcher #npmToken
An attacker has compromised the npm access token of the lead maintainer of Axios, a popular JavaScript HTTP client library, and used it to release two malicious versions containing cross-platform remote access trojans (RATs). According to ChainCatcher, these versions, axios@1.14.1 and axios@0.3.4, targeted macOS, Windows, and Linux systems. The malicious packages were removed from the npm registry approximately three hours after their release.
Data from security company Wiz indicates that Axios is downloaded over 100 million times weekly and is present in about 80% of cloud and code environments. Security firm Huntress detected the first infections just 89 seconds after the malicious packages went live and confirmed that at least 135 systems were compromised during the exposure period. Notably, the Axios project had implemented modern security measures such as the OIDC trusted publishing mechanism and SLSA provenance proofs. However, the attacker bypassed these defenses entirely.
The investigation revealed that while configuring OIDC, the project retained the traditional long-lived NPM_TOKEN. When both tokens coexist, npm defaults to using the traditional token, allowing the attacker to publish without breaching OIDC.
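The failure mode described above is a configuration one: trusted publishing was enabled, but a long-lived token was still wired into the publish job, so the token path remained live. As an added example (not code from the Axios project or from any of the firms named), the lint below scans a GitHub Actions publish workflow and reports when a job both requests the OIDC token (`id-token: write`) and still references a classic npm token. The line-based regex heuristics, the token patterns checked, and the two sample workflows are constructed for illustration; a production check would parse the YAML properly and also look at the repository's stored secrets and the package's npm access-token settings.

```javascript
// Added example (not from the Axios project): line-based lint for a GitHub
// Actions publish workflow that flags a long-lived npm token coexisting with
// OIDC trusted publishing. Patterns and sample workflows are constructed.

// Ways a classic token typically reaches `npm publish` (heuristic, not exhaustive).
const TOKEN_PATTERNS = [
  /secrets\.NPM_TOKEN/i, // classic secret passed in from repository secrets
  /NODE_AUTH_TOKEN/,     // env var actions/setup-node reads for registry auth
  /_authToken\s*=/,      // .npmrc auth line written inline in a step
];
// Permission that lets the job mint an OIDC token for trusted publishing.
const OIDC_PATTERN = /^\s*id-token:\s*write\s*$/;

// Returns { usesOidc, oidcLine, tokenRefs, verdict } for one workflow file.
function auditPublishWorkflow(yamlText) {
  const tokenRefs = [];
  let oidcLine = null;
  yamlText.split("\n").forEach((text, idx) => {
    const line = idx + 1;
    if (oidcLine === null && OIDC_PATTERN.test(text)) oidcLine = line;
    if (TOKEN_PATTERNS.some((re) => re.test(text))) tokenRefs.push({ line, text: text.trim() });
  });
  const usesOidc = oidcLine !== null;
  let verdict;
  if (usesOidc && tokenRefs.length > 0) {
    // The case in the Axios incident: both paths exist, and npm uses the token.
    verdict = "FAIL: long-lived token coexists with OIDC trusted publishing; npm will use the token";
  } else if (usesOidc) {
    verdict = "PASS: OIDC trusted publishing only, no classic token referenced";
  } else if (tokenRefs.length > 0) {
    verdict = "WARN: token-based publishing without OIDC";
  } else {
    verdict = "INFO: no publish credentials found";
  }
  return { usesOidc, oidcLine, tokenRefs, verdict };
}

// Constructed sample: OIDC enabled, but a classic token is still passed to npm.
const WEAK_WORKFLOW_LINES = [
  "name: publish",
  "on:",
  "  release:",
  "    types: [published]",
  "jobs:",
  "  publish:",
  "    runs-on: ubuntu-latest",
  "    permissions:",
  "      contents: read",
  "      id-token: write",
  "    steps:",
  "      - uses: actions/checkout@v4",
  "      - uses: actions/setup-node@v4",
  "        with:",
  "          node-version: 20",
  "          registry-url: https://registry.npmjs.org",
  "      - run: npm ci",
  "      - run: npm publish --provenance --access public",
  "        env:",
  "          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}",
];
const WEAK_WORKFLOW = WEAK_WORKFLOW_LINES.join("\n");

// Corrected form: same job with the env block (and thus the classic token) removed.
const FIXED_WORKFLOW = WEAK_WORKFLOW_LINES.slice(0, 18).join("\n");

function main() {
  for (const [label, yaml] of [["weak", WEAK_WORKFLOW], ["fixed", FIXED_WORKFLOW]]) {
    const result = auditPublishWorkflow(yaml);
    console.log(`[${label}] ${result.verdict}`);
    for (const ref of result.tokenRefs) console.log(`  line ${ref.line}: ${ref.text}`);
  }
}

main();
```

The weak workflow fails on line 20, where the job still exports `NODE_AUTH_TOKEN` from `secrets.NPM_TOKEN`; the fixed workflow passes. A lint like this only catches what is visible in the workflow file: revoking the stored token itself, and rotating it if it was ever exposed, is the step that actually closes the path the page describes.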