A sophisticated supply chain attack on the npm package ‘rand-user-agent’ was discovered on May 5, 2025. The attack inserted a Remote Access Trojan (RAT) named “RATatouille” into the package. It affects around 45,000 weekly downloads and compromises user systems by establishing covert communication with malicious servers. Users of versions post-October 2024 are urged to check for indicators of compromise and unauthorized changes.



