Researchers discovered a malware campaign infiltrating the npm ecosystem by distributing the Skuld info stealer through seemingly legitimate packages. The attacker, known as “k303903,” compromised hundreds of machines before the packages were removed. The campaign demonstrates the ongoing threat of supply chain attacks and the necessity for increased security measures. The Skuld malware steals passwords, cookies, sensitive files, and browsing history from browsers. The campaign highlights the importance of careful package review before installation and implementing a layered security approach to intercept threats.
US charges suspected LockBit ransomware developer
The US Department of Justice has charged Rostislav Panev, alleged developer for the LockBit ransomware group, with 41 counts including wire fraud and extortion. Panev,