Tag: software compromise
3 articles

GitHub Breach Exposes 3,800 Repos via Malicious VSCode Extension
GitHub recently uncovered a sneaky attack involving a tainted VS Code extension that compromised an employee's device, putting 3,800 repositories at risk. The breach was quickly contained, but not before some internal repositories were exfiltrated.

Kaspersky Uncovers DAEMON Tools Supply Chain Attack
Kaspersky researchers have uncovered a sneaky supply chain attack that used compromised DAEMON Tools installers, downloaded directly from the official website, to deliver a malicious payload - and what's even scarier is that these installers were digitally signed by the very developers of DAEMON Tools themselves.

Malicious Code Infiltrates Python Package Index
A recent supply-chain attack on a popular Python package has raised a critical question: how much trust do you really have in the software that quietly powers your work? A malicious .pth file hidden in the litellm package version 1.82.8 can automatically execute malicious code on every Python startup.