The developers of Rspack have disclosed a supply chain attack on two of their npm packages. The attackers published malicious versions of @rspack/core and @rspack/cli to the official package registry infected with cryptocurrency mining malware. Consequently, versions 1.1.7 of these libraries have been removed, and the latest secure version is 1.1.8. Investigations into the root cause of this security compromise are ongoing.
LockBit Developer Rostislav Panev, a Dual Russian-Israeli Citizen, Arrested
Rostislav Panev, a dual Russian-Israeli national and key developer for the LockBit ransomware group, was arrested in Israel last August. Panev, who is accused of