cognitive cybersecurity intelligence

News and Analysis

CanisterWorm Hijacks npm Publisher Accounts, Steals Tokens

A highly automated npm supply chain campaign, dubbed “CanisterWorm,” in which threat actors steal npm access tokens and weaponize legitimate publisher accounts at scale. The group, tracked as “TeamPCP,” has compromised trusted namespaces including @emilgroup and @teale.io, pushing new SDK versions that silently deploy a persistent backdoor and then self-spread across every package the victim […]
The post CanisterWorm Hijacks npm Publisher Accounts, Steals Tokens appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Source: gbhackers.com –

Subscribe to newsletter

Subscribe to HEAL Security Dispatch for the latest healthcare cybersecurity news and analysis.

More Posts

Google just launched a new Gemini-powered dark web monitoring service

Google just launched a new Gemini-powered dark web monitoring service

A new AI-powered dark web monitoring service looks to give enterprises more “reasoned answers” and deeper insights

New Study Reveals How Infostealer Infections Lead to Dark Web Exposure in Just 48 Hours

New Study Reveals How Infostealer Infections Lead to Dark Web Exposure in Just 48 Hours

New research is shedding light on how infostealer malware turns a single careless click into full-blown credential exposure on dark web marketplaces in less than

Malicious LiteLLM versions linked to TeamPCP supply chain attack – Security Affairs

Malicious LiteLLM versions linked to TeamPCP supply chain attack – Security Affairs

Malicious LiteLLM versions linked to TeamPCP supply chain attack Security Affairs

Anthropic cuts action approval loop, lets Claude Code make the call

Anthropic cuts action approval loop, lets Claude Code make the call

Auto mode is a new permissions feature in the Claude Code system that allows the AI to make approval decisions on a user’s behalf while