GovInfoSecurity

Stop Malware at Build Time, Not Runtime

Dustin Kirkland of Chainguard explains how verified, hardened components and AI-powered automation can prevent malware ...

Malicious Rust packages on Crates.io steal crypto wallet keys

Two malicious packages with nearly 8,500 downloads in Rust's official crate repository scanned developers' systems to steal ...
WeLiveSecurity

DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception

ESET researchers reveal how malware operators collaborate with covert North Korean IT workers, posing a threat to both headhunters and job seekers.
The Register on MSN

North Korea's Lazarus Group shares its malware with IT work scammers

Keeping Pyongyang's coffers full North Korean-linked crews connected to the pervasive IT worker scams have upped their ...
SecurityWeek

PyPI Warns Users of Fresh Phishing Campaign

PyPI, the default platform for Python's package management tools, is warning users of a fresh phishing campaign.
Crypto News

ZachXBT Links North Korean IT Workers to Over 25 Crypto Hacks and Team Extortion Schemes

ZachXBT documents North Korean IT workers infiltrating crypto companies in over 25 instances for hacks and extortion schemes.

Chainguard launches trusted collection of verified JavaScript libraries

Chainguard Libraries for JavaScript include builds that are malware-resistant and built from source on SLSA L2 infrastructure ...
Infosecurity Magazine

Phishing Campaign Evolves into PureRAT Deployment, Linked to Vietnamese Threat Actors

The attackers used process hollowing against RegAsm.exe, patched Windows defenses such as AMSI and ETW and unpacked further ...