teampcp – Weekly Geek

A hacker group is poisoning open source code at an unprecedented scale

A so-called software supply chain attack, in which hackers corrupt a legitimate piece of software to hide their own malicious code, was once a relatively rare event but one that haunted the cybersecurity world with its insidious threat of turning any innocent application into a dangerous foothold in a victim’s network. Now one group of… Read More: A hacker group is poisoning open source code at an… »

Self-propagating malware poisons open source software and wipes Iran-based machines

In an email, Aikido researcher Charlie Eriksen said the canister was taken down Sunday night and is no longer available. “It wasn’t as reliable/untouchable as they expected,” Eriksen wrote. “But for a while, it would have wiped systems if infected.” Like previous TeamPCP malware, CanisterWorm, as Aikido has named the malware, targets organizations’ CI/CD pipelines… Read More: Self-propagating malware poisons open source software and wipes Iran-based machines »