WeLiveSecurity

EvilTokens: A phishing attack that doesn’t steal your password

A phishing kit subverting Microsoft’s legitimate authentication flow lets attackers break into accounts without stealing ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
GamingOnLinux

The Arch Linux AUR had over 400 packages compromised with malware

Looks like the Arch Linux AUR (Arch User Repository) needs some better security and package checks - as some malicious users ...
The Hacker News

China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade

Sygnia says Velvet Ant modified Linux PAM and OpenSSH components to steal credentials and maintain stealthy access since 2016 ...
The Hacker News

144 Mastra npm Packages Compromised via Hijacked Contributor Account

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.
DevPro Journal

Protect your development team from advanced phishing

New phishing-as-a-service platforms target devs by hijacking legitimate sessions. Discover how to build a resilient security ...
GitHub

lenucksi/aur-malware-check

Detection and analysis tools for the atomic-lockfile supply-chain attack on the Arch User Repository (AUR). This is a collection of all the scattered resources, especially the ones in the detection ...