Tag: typosquatting
- The Register: One line of malicious npm code led to massive Postmark email heist
  - Source URL: https://www.theregister.com/2025/09/29/postmark_mcp_server_code_hijacked/
  - Feedly Summary: MCP plus open source plus typosquatting … what could possibly go wrong? A fake npm package posing as Postmark’s MCP (Model Context Protocol) server silently stole potentially thousands of emails a day by adding…
- Slashdot: AI Hallucinations Lead To a New Cyber Threat: Slopsquatting
  - Source URL: https://it.slashdot.org/story/25/04/22/0118200/ai-hallucinations-lead-to-a-new-cyber-threat-slopsquatting?utm_source=rss1.0mainlinkanon&utm_medium=feed
  - Summary: The text discusses a new cyber threat termed Slopsquatting, which involves the creation of fake package names by AI coding tools that can be exploited for malicious purposes. This threat underscores the…
- Cisco Talos Blog: Unraveling the U.S. toll road smishing scams
  - Source URL: https://blog.talosintelligence.com/unraveling-the-us-toll-road-smishing-scams/
  - Feedly Summary: Cisco Talos has observed a widespread and ongoing financial theft SMS phishing (smishing) campaign since October 2024 that targets toll road users in the United States of America.
  - Summary: The text details…
- Hacker News: Lazarus Group deceives developers with 6 new malicious NPM packages
  - Source URL: https://cyberscoop.com/lazarus-group-north-korea-malicious-npm-packages-socket/
  - Summary: The Lazarus Group has infiltrated the npm registry, introducing six malicious packages designed to deceive software developers, steal credentials, and disrupt their workflows. This incident highlights the ongoing threats…
- CSA: How Can Businesses Manage Generative AI Risks?
  - Source URL: https://cloudsecurityalliance.org/blog/2025/02/20/the-explosive-growth-of-generative-ai-security-and-compliance-considerations
  - Summary: The text discusses the rapid advancement of generative AI and the associated governance, risk, and compliance challenges that businesses face. It highlights the unique risks of AI-generated images, coding copilots, and chatbots, offering strategies…
- The Register: Poisoned Go programming language package lay undetected for 3 years
  - Source URL: https://www.theregister.com/2025/02/04/golang_supply_chain_attack/
  - Feedly Summary: Researcher says ecosystem’s auto-caching is a net positive but presents exploitable quirks. A security researcher says a backdoor masquerading as a legitimate Go programming language package used by thousands of organizations was left undetected for years.…