New npm supply-chain attack self-spreads to steal auth tokens
BleepingComputer · 60-word summary · 1 min read
A new supply chain attack in the npm ecosystem has emerged, targeting developer credentials and spreading through compromised package accounts. The attack self-propagates by stealing authentication tokens, posing a significant security threat to developers and projects relying on npm packages. The incident highlights ongoing vulnerabilities in software supply chains and the need for enhanced security measures.
Spain has dismantled a major manga piracy platform that generated $4.7 million, arresting four individuals. The platform, active since 2014 and serving millions of global users, was the largest Spanish-language site of its kind. Authorities targeted the operation in a crackdown on digital piracy, emphasizing efforts to protect intellectual property rights in the Web3 era.
Despite Aave losing 10 billion in total value locked after the KelpDAO exploit, crypto whales are accumulating AAVE between $85 and $95. This paradox suggests that large investors may be anticipating a significant rebound in the token’s value, highlighting ongoing confidence in AAVE despite recent security concerns and market volatility.
Security researchers have linked a new macOS malware kit called "Mach-O Man" to the Lazarus hacking group. The malware targets crypto and fintech firms by using fake meeting invites and ClickFix prompts to steal credentials and access corporate systems. The campaign highlights ongoing threats from Lazarus, emphasizing the need for enhanced security measures in the sector.
Palantir (PLTR) signed a $300 million Blanket Purchase Agreement with the U.S. Department of Agriculture in April 2026 to enhance farmland security. The deal supports the National Farm Security Action Plan and the “One Farmer, One File” initiative, building on Palantir’s existing work with the USDA’s Landmark platform. The agreement aims to improve data security for U.S. farmers facing economic pressures.
France has frozen $800,000 in crypto ransom linked to a kidnapping, amid rising extortion cases involving digital assets. Authorities are increasing efforts to combat crypto-related crimes, highlighting the need for better security and regulation. The trend underscores the growing use of crypto in criminal activities and the importance of law enforcement adapting to digital assets.
Cybercriminals are now running "Caller-as-a-Service" operations similar to call centers, with hiring, training, and performance tracking, according to Flare. This scam economy approach enables fraudsters to scale their operations efficiently. The development highlights the evolving sophistication of Web3 security threats, emphasizing the need for enhanced fraud detection and prevention measures in the crypto space.