Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack

THN Daily Updates [Watch LIVE] Preventing Cyberattacks: Securing the Entire Identity Lifecycle Securing the Identity Lifecycle with Phishing-Resistant MFA, Device Trust and Deepfake Defense Download Now Sponsored LATEST NEWS Apr 23, 2025 Three Reasons Why the Browser is Best for Stopping Phishing Attacks Phishing attacks remain a huge challenge for organizations in 2025. In fact, with attackers increasingly leveraging identity-based techniques over software exploits, phishing arguably poses a bigger threat than ever bef... Read More Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp Multiple suspected Russia-linked threat actors are "aggressively" targeting individuals and organizations with ties to Ukraine and human rights with an aim to gain unauthorized access to Microsoft 365 accounts since ear... Read More Free IT offboarding checklist If only offboarding was as simple as revoking access to SSO and email. But, unmanaged SaaS accounts, app-to-app OAuth grants, rogue developer tools, and other "shadow" identities make it the world's worst treasure hunt. Our free checklist can help. Read More Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack The Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a software supply chain attack designed to harvest and exfiltrate users' private keys. The maliciou... Read More Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito Google on Tuesday revealed that it will no longer offer a standalone prompt for third-party cookies in its Chrome browser as part of its Privacy Sandbox initiative. "We've made the decision to maintain our current appro... Read More How AI and IoT are Supercharging the DDoS Threat DDoS attacks surge in 2024 due to IoT growth and AI-enhanced botnets, exposing misconfigured defenses. Read More Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals Cybersecurity researchers have detailed a malware campaign that's targeting Docker environments with a previously undocumented technique to mine cryptocurrency. The activity cluster, per Darktrace and Cado Security, rep... Read More GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages Cybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform (GCP) that could have enabled an attacker to elevate their privileges in the Cloud Composer workflow orchestration service tha... Read More [Watch LIVE] Preventing Cyberattacks: Securing the Entire Identity Lifecycle Securing the Identity Lifecycle with Phishing-Resistant MFA, Device Trust and Deepfake Defense Download Now Sponsored This email was sent to sikubaycom.s3cr3tz@blogger.com. You are receiving this newsletter because you opted-in to receive relevant communications from THN. To manage your email newsletter preferences, please click here. Contact THN: info@thehackernews.com Unsubscribe THN | K.P BLock, Pitampura, Delhi