Injective Labs SDK npm package compromised to steal cryptocurrency keys
The supply-chain attack was detected by application security companies Socket, Ox Security, and StepSecurity via version 1.20.
20 articles
The supply-chain attack was detected by application security companies Socket, Ox Security, and StepSecurity via version 1.20.
Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the npm registry to s...
Amazon Web Services EMEA Sarl (AWS) has been designated as a critical third party (CTP) to the UK financial sector by HM Treasury.
A Bulgarian national has been charged with stealing $290,000 in government-seized cryptocurrency while serving 121 months in prison for helping launder milli...
Researchers at Ledger's Donjon security team have shown that a precisely timed laser pulse, aimed at the chip inside a Tangem crypto wallet card, can reset t...
Researchers uncovered 222 GitHub repositories spreading malware through fake Go packages, delivering loaders, stealers, RATs, and cryptominers. Socket’s secu...
Security firm Coinspect has disclosed a crypto wallet flaw it calls Ill Bloom, and attackers are already using it. The flaw is in how some wallet software ge...
Security leaders have made strong progress in visibility. Most organizations can now identify vulnerabilities across their applications, dependencies and dev...
Odyssey Stealer is driving a large-scale macOS infostealer campaign that now spans more than 100 countries, with operators systematically hijacking cryptocur...
Every serious software product runs on code that someone else wrote and released for free. A web service leans on a cryptography library, a data pipeline pul...
Data brokers collect personal details on most adults in the United States and sell them to buyers that include employers, landlords, insurance companies, and...
A compromise of an AI gateway linked to Amazon Bedrock, highlighting how generative AI infrastructure has become a new target within the enterprise attack la...
A malicious NuGet package masquerading as the official Braintree .NET client on July 3, 2026 and Socket’s automation labeled it potential malware within ten ...
Accounts receivable teams at large companies spend hours each day matching incoming bank payments to invoices by hand. When those payments sit unmatched for ...
Passwords remain part of many workforce authentication flows in financial organizations, making phishing and credential theft major identity security risks, ...
QIZ Security has developed a platform designed to help organizations govern encryption across on-premises, cloud, and hybrid environments.
The SFC has mandated that all virtual asset trading platforms and internet brokers must replace one-time password (OTP) logins, including those sent via SMS ...
Keyfactor's platform, AgileSec, helps organizations manage and secure their encryption keys and other cryptographic assets like digital certificates.
Hackers compromised the Injective Labs SDK project's GitHub repository and used it to publish a malicious package on the Node Package Manager (npm) that stol...
Darktrace says a LiteLLM AI gateway linked to Amazon Bedrock was compromised for cryptomining after signs of exposed SSH activity.