If you’re using this hijacked NPM library anywhere in your software stack, read this

US govt issues alert over JS package downloaded 8m times a week – plus more news from world of infosec In brief  The US government’s Cybersecurity and Infrastructure Security Agency (CISA) has warned developers that a version of the ua-parser-js JavaScript library, available via NPM, was infected with data-stealing and cryptocurrency-mining malware.… READ MORE HERE…

Read more

SolarWinds attacker on the move: Russia’s Nobelium crew has trebled attacks targeting MSPs, cloud resellers, says Microsoft

Phishing and password spraying on the up Russia’s Nobelium group – fingered as being a Russian state actor by both the United States and Britain – has massively ramped up phishing and password spraying attempts against managed service providers (MSPs) and cloud resellers, Microsoft’s security arm has warned.… READ MORE HERE…

Read more