Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

Microsoft Threat Intelligence has uncovered an active supply chain attack involving malicious npm packages registered under organizational scopes that mirror real internal corporate namespaces, ...
NETGEAR

Disrupting Glassworm: Inside CrowdStrike’s Takedown of a Developer-Targeting Botnet

In collaboration with Google and the Shadowserver Foundation, CrowdStrike Counter Adversary Operations team struck all four of Glassworm's command-and-control (C2) channels simultaneously, severing ...