New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs

Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT

North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware

Identity Security: Your First and Last Line of Defense

Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices

Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities.
The packages in question are listed below -

node-telegram-utils (132 downloads)
node-telegram-bots-api (82 downloads)
node-telegram-util (73 downloads)


According to supply chain

Headline

Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems

The Hacker News: Latest News