Node.js systeminformation Package Enables RCE Attacks
A critical command injection vulnerability in the systeminformation npm package, CVE-2024-56334, exposes millions of systems to RCE and privilege escalation attacks. The flaw affects versions ≤5.23.6 and lies in the [...]
Malicious Amazon Appstore apps record screens and intercept OTPs
The “BMI CalculationVsn” app on the Amazon App Store secretly collects sensitive data, like app package names and SMS messages, posing a privacy risk. Its true intent appears to be [...]
Skuld Malware Exploits Windows Utilities Packages
Researchers uncovered a malware campaign in the npm ecosystem, where “k303903” used fake packages to spread the Skuld info stealer, compromising hundreds of machines before removal. Skuld Malware Analysis shows [...]
BADBOX botnet hacked 74,000 Android devices with remote codes
BADBOX is a cybercriminal operation that infects Android devices, like TV boxes and smartphones, with malware before they are sold. These devices, often sold through trusted retailers, pose a major [...]
Malicious supply chain attacks shift from npm to VSCode Marketplace
Researchers have observed a rise in malicious activity on the VSCode Marketplace, exposing its vulnerability to supply chain attacks similar to those previously seen in the npm community. Malicious actors [...]
FHN 
