The npm packages @rspack/core, @rspack/cli, and “vant” were hijacked after attackers accessed a compromised npm token. The attackers published malicious versions of the projects, which were caught by Sonatype’s automated malware detection systems. The compromised versions deployed a Monero crypto miner. Both projects detected the compromise and have since issued safe versions, advising users to upgrade and check for signs of compromise.
LockBit Developer Rostislav Panev, a Dual Russian-Israeli Citizen, Arrested
Rostislav Panev, a dual Russian-Israeli national and key developer for the LockBit ransomware group, was arrested in Israel last August. Panev, who is accused of
