IT News For Australia Business

Supply chain attack hits 300 million-download Axios npm package

A widely used JavaScript package used with hundreds of millions of downloads has been compromised in a new supply chain ...

Hackers are using fake coding jobs to spread malware through GitHub

The malware at the center of it, dubbed Omnistealer by investigators, uses public blockchains not just for payments, but as ...

GitHub developers targeted by fake VS Code alerts spreading malware

Socket uncovers large-scale GitHub spam campaign abusing “Discussions” notifications Fake advisories with bogus CVEs trick ...

JavaScript devs beware: this popular NPM package has been compromised by attackers

An extremely popular NPM package used in many JavaScript projects has been compromised and can wreak havoc on your machine if ...

Jewish advocacy presses Ottawa to boost community security spending

Centre for Israel and Jewish Affairs wrote to finance minister ahead of spring economic statement after report warned of possible extremist attack ...
PCMag

Malware Is Sleeping on the Blockchain, and It's Already Infected Dozens of Global Targets

Experts warn the campaign could outpace past global cyberattacks, with hundreds of thousands of credentials already ...
SecurityWeek

Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs

A new ClickFix attack that leverages a Nuitka loader targets macOS users with the Python-based Infiniti Stealer malware.

DarkSword leak puts millions of iPhone users at risk

A leaked hacking tool called DarkSword could expose older iPhones and iPads to attacks through malicious links and ...
iHeart on MSN

Millions of iPhone users vulnerable after hacking tool posted online

The tool allows a hacker to steal messages, passwords, photos, location history, and even cryptocurrency wallets.
Indianapolis Business Journal

Iran conflict raises cyberattack risk, experts say

International conflicts in the physical world can lead to a spike in cyberattacks — both on government entities and on ...

Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...
HealthcareInfoSecurity

LiteLLM Hit in Cascading Supply-Chain Attack

Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing ...