-
Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator
The recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected up to tens of millions of websites has been traced to a common operator. Researchers discovered a public GitHub repository with leaked API keys helping them draw a conclusion.
- June 28, 2024
- 09:00 AM
1
-
Polyfill claims it has been 'defamed', returns after domain shut down
The owners of Polyfill.io have relaunched the JavaScript CDN service on a new domain after polyfill.io was shut down as researchers exposed it was delivering malicious code on upwards of 100,000 websites.. The Polyfill service claims that it has been "maliciously defamed" and been subject to "media messages slandering Polyfill."
- June 27, 2024
- 06:57 AM
0
-
Cloudflare: We never authorized polyfill.io to use our name
Cloudflare, a lead provider of content delivery network (CDN) services, cloud security, and DDoS protection has warned that it has not authorized the use of its name or logo on the Polyfill.io website, which has recently been caught injecting malware on more than 100,000 websites in a significant supply chain attack.
- June 27, 2024
- 05:18 AM
- 1
-
Plugins on WordPress.org backdoored in supply chain attack
A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts with administrative privileges on websites running them.
- June 25, 2024
- 03:25 PM
- 2
-
Polyfill.io JavaScript supply chain attack impacts over 100K sites
Over 100,000 sites have been impacted in a supply chain attack by the Polyfill.io service after a Chinese company acquired the domain and the script was modified to redirect users to malicious and scam sites.
- June 25, 2024
- 02:10 PM
- 1
-
JAVS courtroom recording software backdoored in supply chain attack
Attackers have backdoored the installer of widely used Justice AV Solutions (JAVS) courtroom video recording software with malware that lets them take over compromised systems.
- May 23, 2024
- 05:17 PM
- 0
-
Russian Sandworm hackers targeted 20 critical orgs in Ukraine
Russian hacker group Sandworm aimed to disrupt operations at around 20 critical infrastructure facilities in Ukraine, according to a report from the Ukrainian Computer Emergency Response Team (CERT-UA).
- April 22, 2024
- 08:30 AM
- 0
-
Malicious Visual Studio projects on GitHub push Keyzetsu malware
Threat actors are abusing GitHub automation features and malicious Visual Studio projects to push a new variant of the "Keyzetsu" clipboard-hijacking malware and steal cryptocurrency payments.
- April 10, 2024
- 07:00 AM
- 0
-
North Korean hackers linked to defense sector supply-chain attack
In an advisory today Germany's federal intelligence agency (BfV) and South Korea's National Intelligence Service (NIS) warn of an ongoing cyber-espionage operation targeting the global defense sector on behalf of the North Korean government.
- February 19, 2024
- 03:24 PM
- 0
-
'everything' blocks devs from removing their own npm packages
Over the holidays, the npm package registry was flooded with more than 3,000 packages, including one called "everything," and others named a variation of the word. These 3,000+ packages make it impossible for all npm authors to unpublish their packages from the registry.
- January 04, 2024
- 04:55 AM
- 2
-
Ledger dApp supply chain attack steals $600K from crypto wallets
Ledger is warnings users not to use web3 dApps after a supply chain attack on the 'Ledger dApp Connect Kit' library was found pushing a JavaScript wallet drainer that stole $600,000 in crypto and NFTs.
- December 14, 2023
- 11:22 AM
- 0
-
UK and South Korea: Hackers use zero-day in supply-chain attack
A joint advisory by the National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) discloses a supply-chain attack executed by North Korean hackers involving the MagicLineThe National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) warn that the North Korean Lazarus hacking grou
- November 24, 2023
- 12:28 PM
- 0
-
Microsoft: Lazarus hackers breach CyberLink in supply chain attack
Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide.
- November 22, 2023
- 01:06 PM
- 0
-
Hackers breach healthcare orgs via ScreenConnect remote access
Security researchers are warning that hackers are targeting multiple healthcare organizations in the U.S. by abusing the ScreenConnect remote access tool.
- November 10, 2023
- 02:57 PM
- 0
-
Lazarus hackers breached dev repeatedly to deploy SIGNBT malware
The North Korean Lazarus hacking group repeatedly compromised a software vendor using flaws in vulnerable software despite multiple patches and warnings being made available by the developer.
- October 27, 2023
- 12:15 PM
- 0
-
Free Download Manager releases script to check for Linux malware
The developers of Free Download Manager (FDM) have published a script to check if a Linux device was infected through a recently reported supply chain attack.
- September 20, 2023
- 03:02 PM
- 0
-
Free Download Manager site redirected Linux users to malware for years
A reported Free Download Manager supply chain attack redirected Linux users to a malicious Debian package repository that installed information-stealing malware.
- September 12, 2023
- 11:25 AM
- 5
-
Carderbee hacking group hits Hong Kong orgs in supply chain attack
A previously unidentified APT hacking group named 'Carderbee' was observed attacking organizations in Hong Kong and other regions in Asia, using legitimate software to infect targets' computers with the PlugX malware.
- August 22, 2023
- 06:00 AM
- 0
-
Rust devs push back as Serde project ships precompiled binaries
Serde, a popular Rust (de)serialization project, has decided to ship its serde_derive macro as a precompiled binary. This has generated a fair amount of concern among some developers who highlight the future legal and technical issues this may pose, along with a potential for supply chain attacks.
- August 19, 2023
- 09:55 AM
- 0
-
Google Cloud Build bug lets hackers launch supply chain attacks
A critical design flaw in the Google Cloud Build service discovered by cloud security firm Orca Security can let attackers escalate privileges, providing them with almost nearly-full and unauthorized access to Google Artifact Registry code repositories.
- July 18, 2023
- 09:00 AM
- 0
0
-
Remove the Theonlinesearch.com Search Redirect
Filed Under: Adware -
Remove the Smartwebfinder.com Search Redirect
Filed Under: Adware -
How to remove the PBlock+ adware browser extension
Filed Under: Adware -
Remove the Toksearches.xyz Search Redirect
Filed Under: Adware -
Remove the Smashapps.net Search Redirect
Filed Under: Adware
-
Version: 5.1.5.1165M+ Downloads
-
Version: 1.33.07554,220 Downloads
-
Version: 0.8141,953 Downloads
-
Version: NA103,249 Downloads
-
Version: NA150,238 Downloads
