资讯

AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

Investigations into the Nx "s1ngularity" NPM supply chain attack have unveiled a massive fallout, with thousands of account ...
Tech Xplore on MSN3 天

Fraudsters use fake stars to game Github, scam users

Millions of users of GitHub, the premier online platform for sharing open-source software, rely on stars to establish their ...
The Security Ledger3 天

Ethereum Smart Contracts Abused In Open Source Supply Chain Attack

ReversingLabs researcher Lucija Valentić discovered malicious packages on the Node Package Manager (npm) open source ...
Arabian Post on MSN6 小时

Cyber-Attack Campaign GhostAction Targets GitHub Workflows

This breach exposed a critical weakness in the current CI/CD security model: the assumption that automated workflows are inherently benign. The GhostAction supply chain campaign underscores how ...
Cryptopolitan on MSN4 天

Hackers now hiding malware inside Ethereum smart contracts

ReversingLabs' research identified the npm packages clortoolv2 and mimelib2, which used Ethereum smart contracts to hide ...
SecurityWeek6 小时

Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack

Hackers used the secrets stolen in the recent Nx supply chain attack to publish over 6,700 private repositories publicly.

Hackers find new way to hide malware in Ethereum smart contracts

Security researchers found malware packages using the Ethereum blockchain to conceal malicious commands on GitHub repos.
The Hacker News4 天

Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers

Two npm packages hide downloader commands via Ethereum smart contracts; uploaded July 2025; targeting crypto developers.
How-To Geek on MSN5 天

How to Set Up Home Assistant Community Store (And Why You Should)

Home Assistant is a dizzyingly powerful smart home platform, thanks in no small part to its vast array of integrations. But ...