Critical NPM Package Compromise: How a Simple Phishing Attack Infected Millions of Downloads

Summary: A sophisticated phishing campaign recently succeeded in compromising several widely-used npm packages, demonstrating how social engineering can bypass traditional security measures. The attackers cleverly used stolen credentials to inject malware directly into trusted npm packages without ever touching the corresponding GitHub repositories, making detection significantly more challenging. This incident serves as a stark reminder that even the most popular and trusted packages in our dependency chains can become vectors for malicious code distribution. ...

2025-Jul-24 · 6 min

Fraud Android App in the name of Jio Prime

I am following an Instagram meme page with about 130K followers. These meme pages post ads sometimes when they get paid for them. One such ad said – “Get 10GB Data Everyday for Free for 3 Months – for Jio Prime Users”. Since I am a Jio user, I got curious to check this and was sure – this was some kind of fraud going on, and the ad was not by original Jio — they were using the name of Jio to milk their followers, since many of the users use Jio for their data connection. ...

2019-Jan-29 · 3 min