by Paul McCarty | Dec 18, 2024 | Uncategorized
A new malware payload is being delivered via NPM packages. The NPM user named hi_ops published seven packages that are deploying a new macOS malware. How is the malware delivered? The delivery mechanism is pretty simple. The NPM package has only one file:...
by Paul McCarty | Dec 6, 2024 | Uncategorized
The Ultralytics PyPI package was compromised today via a sneaky attack leveraging GitHub pull requests. Two consecutive package versions of the Ultralytics PyPI package were compromised and installed crypto miners on the affected hosts. Versions 8.3.41 and 8.3.42 are...
by Paul McCarty | Nov 19, 2024 | Uncategorized
I’ve spent the last year researching the trust and safety mechanisms in SCM platforms like GitHub, GitLab, and Gitea. These platforms are important in the ecosystem, as GitHub and GitLab together host most of the world’s source code. My interest in their...
by Paul McCarty | Jul 31, 2024 | Uncategorized
Bug bounty programs have emerged over the last 5 years as a vital tool for identifying and mitigating vulnerabilities. Many enterprises have accepted the value of having bug bounty programs in their quiver of offensive security practices, and lately, startups and...
by Paul McCarty | Jul 9, 2024 | Uncategorized
You might have recently heard people talking about “memory-safe” languages and how we all need to start using them. There is a loud contingent of people on LinkedIn and Twitter advocating that we move away from languages like C and C++ because they aren’t...
by Paul McCarty | Jun 10, 2024 | Uncategorized
A new software supply chain attack is affecting GitHub users. The new threat, “Gitloker”, targets GitHub users' repositories with a simple but effective attack: deleting everything they have access to and then attempting to extract ransom payments. DISCLAIMER: This...