A massive software supply chain attack has compromised over 20 popular npm packages, including chalk and debug, affecting 2B+ weekly downloads. Learn how a simple phishing attack on a maintainer led to crypto-stealing malware being distributed to millions.
Cybersecurity researchers are sounding the alarm on a dual-pronged threat targeting Brazil. In one campaign, threat actors are leveraging legitimate generative AI tools to create highly convincing phishing pages of Brazilian government agencies to trick users into making payments. These fraudulent sites are boosted with SEO poisoning to appear in top search results. Simultaneously, a separate malspam campaign is distributing the Efimer trojan, a potent malware designed to steal cryptocurrency, which has already impacted over 5,000 users.
