InfoWorld

New ‘StoatWaffle’ malware auto‑executes attacks on developers

The newly observed malware abuses VS Code’s “runOn:folderOpen” feature to execute automatically from trusted projects, enabling near-frictionless compromise. A newly disclosed malware strain dubbed ...
IT News For Australia Business

"CanisterWorm" supply chain malware attacks npm

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, worm-like malware across dozens of packages, security firms say. Named CanisterWorm ...
Dark Reading

China-Nexus Hackers Skulk in Southeast Asian Military Orgs for Years

More details on suspected China-nexus actors quietly establishing years-long access to the networks of military organizations in Southeast Asia have come to light. After an investigation, Unit 42 ...
Bleeping Computer

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. One malicious ...
IT News For Australia Business

Supply chain attack hits 100 million-download Axios npm package

A widely used JavaScript package used with over a hundred million weekly downloads has been compromised in a new supply chain attack to fetch a malware payload for Windows, Linux systems and macOS ...
Dark Reading

SideWinder Espionage Campaign Expands Across Southeast Asia

Recent cyber-espionage activity attributed to the SideWinder threat group suggests that the India-linked operation has expanded across Southeast Asia, including Indonesia and Thailand, while ...
Hosted on MSN

New CEO Josh D’Amaro wants Disney’s flywheel to spin faster

To understand where new Disney chief executive Josh D’Amaro wants to take the 102-year-old company, visit one of its U.S. theme parks Memorial Day weekend. At the same time the new Star Wars movie ...