Bleeping Computer

Hacker Wannabes Fooled by Backdoored IP Scanner

Wannabe hackers looking to create their very own Reaper botnet might have gotten more than they asked when they downloaded an IP scanner over the past few weeks. The IP scanner is a PHP file that was ...
Bleeping Computer

Plugins on WordPress.org backdoored in supply chain attack

A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts with administrative privileges on websites running ...
Ars Technica

Backdoored developer tool that stole credentials escaped notice for 3 months

A publicly available software development tool contained malicious code that stole the authentication credentials that apps need to access sensitive resources. It’s the latest revelation of a supply ...
Tech Times

Red Hat npm Packages Compromised, 57 More Follow: Signed Attestations Cannot Block Pipeline Hijack

Miasma compromised 32 Red Hat packages June 1 via a hijacked CI/CD pipeline producing valid SLSA attestations, then hit 57 more June 3 using Phantom Gyp to evade install monitors. Red Hat confirmed no ...