A new advanced supply chain attack targets the Node Package Manager (NPM) using Google Calendar for covert command and control. Malware hidden in legitimate JavaScript libraries has compromised thousands of development environments, leveraging OAuth tokens and encoded calendar events for communication. This innovative approach makes detection difficult, prompting calls for stricter monitoring and analysis of application usage.
Malware Defense 101 – Identifying and Removing Modern Threats
Cybersecurity threats in 2025 have become more sophisticated, with malware leveraging AI, evasion tactics, and polymorphic code. Data-stealing malware dominates, increasing by 180% in 2024.
