Ethereum developers are being targeted by malicious npm packages that impersonate Hardhat plugins to steal private keys and sensitive data. Socket researchers reported the ongoing attack, stating that twenty such packages have been identified, amassing over a thousand downloads. The attackers mimic legitimate package names to trick developers into using them, resulting in potential backdoors in production systems and loss of funds.

Dispersed responsibility, lack of asset inventory is causing gaps in medical device cybersecurity
Witnesses at a House hearing on medical device cybersecurity highlighted the need for better tracking of devices and their vulnerability to cyber threats. They noted