Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hardcoded Credentials

Researchers Detail Bitter APT’s Evolving Tactics as Its Geographic Scope Expands

Redefining Cyber Value: Why Business Impact Should Lead the Security Conversation

Iran-Linked BladedFeline Hits Iraqi and Kurdish Targets with Whisper and Spearal Malware

DoJ Seizes 145 Domains Tied to BidenCash Carding Marketplace in Global Takedown

Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation, and exfiltrate Telegram API tokens, once again demonstrating the variety of supply chain threats lurking in open-source ecosystems.
The findings come from multiple reports published by Checkmarx,

Headline

Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks

The Hacker News: Latest News