Suspected state-sponsored hackers covertly hijacked Notepad++'s update infrastructure, targeting select users with malicious redirects and exposing open-source supply chain vulnerabilities.
A seemingly harmless NuGet package, Tracer.Fody.NLog, used linguistic trickery and code impersonation to steal cryptocurrency wallet data from unsuspecting .NET developers. Here’s how the attack unfolded—and why it signals a growing risk for open-source supply chains.
#Cryptocurrency Theft | #Open-Source Security | #Supply-Chain Attack
A sophisticated cybercrime campaign leverages AI-generated code and social engineering to spread PyStoreRAT malware through trusted open-source repositories, signaling a dangerous shift in supply chain exploitation.
SmartTube, a popular YouTube client for Android TV, was breached to deliver hidden malware. The attack exposes risks in open-source apps and the importance of digital trust.