Search This Blog

Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Latest News

Hackers Target Industries in Japan, Attacks Share One Pattern

Four big Japan cyberattacks point to a common trend: threat actors are getting access via third-party infrastructure and subsidiaries, not f...

All the recent news you need to know

Injective Labs GitHub Compromise Distributes Malicious npm Package Targeting Crypto Wallet Keys

 

Cybersecurity researchers have detected a software supply chain attack in which threat actors compromised the Injective Labs SDK GitHub repository and utilized it to distribute a backdoored version of the npm package containing cryptocurrency wallet credentials stealing capabilities. Researchers at security company Socket have identified that the attackers distributed the malicious code in the @injectivelabs/sdk-ts version 1.20.21 after compromising the GitHub account of one of the trusted maintainers. 

The compromised package was published to the npm registry on July 8, 2026, and subsequently deprecated. Nevertheless, the distribution channel for the malicious artifacts remained available on GitHub at the time of publication. The attackers distributed the backdoored SDK to 17 other @injectivelabs packages, including the wallet, utility, networking, and crypto modules. Since the packages include various apps as dependencies, developers who did not directly install the SDK might also be affected. 

Unlike traditional supply chain malware that typically persists in the compromised software at installation time, the detected backdoor was not activated when the developers installed the package. Rather, the malicious code was designed to exfiltrate the cryptographic assets when the developers used the SDK’s wallet generation feature. 

Thus, the threat actors could hide the malicious payload’s presence by avoiding the use of suspicious scripts typically associated with malware. The detected malware consisted of modified cryptographic functions that replaced the legitimate implementation with the backdoor, which the attackers masked as a performance telemetry component. The additional function exfiltrated the cryptographic assets, including the mnemonic seed phrase and private key generation details, required to recreate the cryptocurrency wallet. 

Researchers noted that the malware persisted in the compromised repositories by sending the collected data to the remote server in aggregated fashion to avoid suspicion by grouping multiple exfiltration requests into one encrypted HTTPS session. The security analysts at OX Security stated that the detected threat was capable of intercepting the master recovery phrase used to seed cryptocurrency wallets. Since the mnemonic seed phrase gives the adversary full access to the wallet funds, threat actors could reproduce the cryptographic assets to gain unauthorized access to the blockchain assets. 

The malware’s distribution channel was compromised using the trusted publishing infrastructure and OpenID Connect (OIDC) publishing pipeline. The detected threat utilized the legitimate account of one of the maintainers, which implies that the attackers did not have to use supply chain malware or impersonate the project on a third-party registry. The developers who installed the affected package should switch to the latest version, 1.20.23, which has been released. 

The security analysts advise the developers to consider all private keys and mnemonic phrases generated with the compromised version of the code as compromised and take the appropriate actions to rotate the cryptographic assets. Moreover, the developers should review their project dependencies to ensure that they do not use the affected versions of the packages indirectly. 

The incident demonstrated how the threat actors could target the software supply chain to compromise the cryptocurrency ecosystem and gain unauthorized access to the crypto assets by compromising the open-source developer infrastructure.

Injective SDK Supply Chain Attack Exposed Developers to Cryptocurrency Wallet Theft


 

InjectiveLabs/SDK-TS, a widely used package, was briefly published on Node Package Manager (npm) as a malicious version after attackers gained access to a legitimate contributor's GitHub account, exposing developers to the theft of cryptocurrency wallet credentials. Several security researchers from Socket, Ox Security, and StepSecurity identified the supply chain attack as targeting Injective Labs' TypeScript/JavaScript SDK, which is used to develop applications based on Injective's blockchain.

The SDK is widely adopted by developers who create cryptocurrency wallets, decentralized finance (DeFi) applications, decentralized exchanges, trading bots, and payment platforms, with approximately 50,000 downloads per week on NPM. 

A significant security issue is the responsibility of the SDK when it comes to creating and importing cryptocurrency wallets, as it occupies a critical position in the development process. Developers and end users alike are particularly vulnerable to any compromise of the SDK because the wallet creation functions are crucial to the handling of users' mnemonic recovery phrases and private keys. 

Researchers have determined that hackers gained access to a legitimate contributor's GitHub account on June 8 and introduced malicious code, which was later released as version 1.20.21 for the @injectivelabs/sdk-ts package. Additionally, 17 additional Injective-related packages were referenced by the compromised release, resulting in a significant impact on downstream projects. According to security researchers, attackers compromised a legitimate maintainer's account after exploiting the trust-worthy GitHub publishing workflow of the project. 

As opposed to stealing an NPM publishing token or creating a fake package, the malicious version was distributed through the repository's normal release process, making the compromise appear genuine. Package maintainers detected the malicious activity within minutes, reverting the unauthorized changes and releasing a version that is free of malicious activity, 1.20.23. 

Nevertheless, systems that downloaded or updated the compromised package during the brief exposure window may still have been affected. In contrast to conventional malware that is executed during installation, the injected code is activated when developers create or import cryptocurrency wallets using SDK functions. 

When this was achieved, the malware captured private wallet keys and mnemonic seed sentences, encoded the information, and sent it via HTTP POST request to what appeared to be an official Injective Labs infrastructure endpoint in order to blend into normal network traffic. As a method of minimizing detection, the malware disguised its outbound communication as legitimate injective network traffic in order to prevent detection. 

By capturing multiple wallet secrets temporarily, encoding them, and transmitting them as a single request, the malicious activity was able to blend in with blockchain-related communications, avoiding detection. The malware, according to StepSecurity researchers, collected wallet secrets for approximately two seconds before bundling them into a single request to minimize suspicion while maximizing the amount of data stolen. 

In a recent report, Socket reported that 310 malicious packages had been downloaded before they were deprecated, but there is reportedly still availability of the associated malicious GitHub release artifacts. As a consequence of Ox Security's warning, the compromised SDK is dependent on 87 direct NPM packages, accounting for more than 112,000 cumulative downloads, illustrating the risk to a larger supply chain.

Researchers noted that even though the malicious payload was contained within @injectivelabs/sdk-ts, the compromised release affected 17 additional injective packages that depended on the infected SDK version. This could have resulted in developers installing the backdoored package unknowingly through normal project dependencies, thereby significantly expanding the attack's impact. 

It is advised that developers who suspect they may have installed the affected version transfer cryptocurrency assets immediately into new wallets, replace compromised private keys and seed phrases, and rotate any sensitive credentials stored within their development environment immediately. The incident underlines the growing threat posed by software supply chain attacks, particularly within the cryptocurrency ecosystem where a compromised development dependency may result in a significant financial loss to both developers and end users.

Due to the increasing sophistication of software supply chain attacks, organizations and developers must strengthen dependency verification, monitor package integrity, and respond quickly to compromised components so that credential theft and downstream compromise can be reduced.


QIZ Security Raises $17 Million to Expand Cryptographic Security and Post-Quantum Readiness Platform

 

Israeli cybersecurity startup QIZ Security has raised $17 million in seed funding to fuel the development of its cryptographic security management solution and post-quantum cryptographic (PQC) readiness platform. The Israeli cybersecurity company has seen rising demand for its service, which assists firms in inventorying their cryptography assets in preparation for the transition to post-quantum cryptography algorithms. 

The round was led by Bessemer Venture Partners and Merlin Ventures, with Evolution Equity Partners, Qbeat Ventures, Singtel Innov8, and Qino Cyber Capital also participating. The funding will support the company’s expansion and product development, with the company’s QIZ Security cryptographic governance platform’s research and development being the main focus. 

The startup was founded in 2022 by Ben Volkow, Lenny Ridel, and Itan Barmes, and its cybersecurity solution allows organizations to manage and inventory all cryptographic assets in on-premises, cloud, and hybrid environments without the need to scan their networks. Using industry standard APIs, QIZ Security’s cryptographic governance platform enables enterprises to detect and assess the risk of all certificates, encryption assets, security controls, protocols, cipher suites, and cryptographic keys. 

These details are automatically correlated to the organization’s applications and business processes discovered across hybrid cloud infrastructure environments. Moreover, the application detects vulnerabilities, weaknesses, and exposures to outdated encryption technologies that put enterprise data at risk in both transit and at rest. 

In addition, the company’s solution helps enterprises prioritize risks according to their technical and business significance and guides enterprises in responding to each identified risk. This empowers security operations and compliance teams to coordinate and accelerate activities and responses to cryptographic risks, ensuring that application owners and security stakeholders reduce exposure to business-specific threats. 

Modern cryptographic infrastructure governance is necessary for enterprises to inventory and better understand their cryptography assets, identify risks, and respond to them in a timely and cost-effective manner. With the upcoming quantum computing era, enterprises and government agencies are preparing to migrate their cryptographic infrastructure to post-quantum algorithms. This migration requires organizations to fully understand where their cryptography is, which encryption technologies put them at risk, and how best to respond. 

According to Chief Executive Officer Ben Volkow, enterprises are unable to effectively plan their transition to modern cryptography without gaining continuous visibility into their cryptography assets. Organizations need to take a step back and understand the overall state of cryptography in their IT environments to be prepared for upcoming changes. With the quantum era of computing arriving, businesses need to ensure they are taking the right steps now to safeguard their sensitive data. 

The news comes as governments and enterprises worldwide are beginning to acknowledge the need to inventory cryptographic assets to develop migration plans for post-quantum cryptography algorithms. Additionally, with increased concerns over the implications of quantum computing, multiple cybersecurity startups are positioning their services to assist enterprises in preparing their cryptography infrastructure for the transition to post-quantum cryptography algorithms.

OpenMandriva Accuses Former Contributor of Project Sabotage

 

OpenMandriva Linux is facing a serious internal security dispute after it said a former contributor abused administrative access to damage the project’s infrastructure. The alleged actions included deleting GitHub repositories and publishing an empty package that could have broken desktop systems for users of GNOME and COSMIC. 

According to the project, the problem did not begin with code but with conflict inside the community. OpenMandriva says an abusive incident in its Matrix chat led to one contributor being removed, which then triggered a chain of resignations and escalating anger among some members. 

The most damaging part of the incident involved repository access. Long-time maintainer AngryPenguin said the contributor had admin privileges because he had previously helped migrate and mirror project repositories to a private OneDev instance, and that access was later used to delete part of a repository the team had maintained for nearly 10 years. 

OpenMandriva also says the contributor pushed an empty package into its Cooker development branch. That package obsoleted the GNOME and COSMIC packages, meaning it could have caused real disruption for people relying on those desktop environments if the issue had not been caught quickly. 

The accused contributor, Davide Beatrici, rejects the sabotage allegation and says his goal was not to harm users or the distro itself. He argues that his actions were tied to a dispute over the project’s direction, including disagreement about OpenMandriva’s support for GNOME and COSMIC alongside KDE and LXQt. OpenMandriva says it is now restoring deleted repositories, repairing affected packages, and conducting a full audit to confirm that nothing else was altered. 

The project has also said the incident may meet the threshold of a criminal offense, though it has chosen not to pursue legal action at this stage. This case is a reminder that open-source projects do not only face technical threats from outside attackers. Internal access, trust, and governance can become just as dangerous when disputes turn personal and administrative privileges are misused.

Why Apple, Meta and Snap Want You to Stop Looking at Your Phone

 



The technology industry's next computing platform may not fit in your hand. Instead, it could rest on your ears, sit on your face or hang around your neck.

Apple is reportedly exploring AirPods equipped with cameras that would give Siri the ability to interpret a user's surroundings, according to a Bloomberg report. The cameras are not expected to function like traditional smartphone cameras for photography or video recording. Instead, they would provide visual context that allows Apple's AI assistant to respond more intelligently to spoken requests. Apple has not commented on the report.

The development reveals a comprehensive industry effort to move everyday computing beyond smartphone screens. For decades, displays have served as the primary interface between people and their devices. Advances in artificial intelligence, computer vision and voice assistants are now encouraging technology companies to develop wearable devices that can understand a user's environment and respond without requiring constant screen interaction.

Snap recently expanded that vision with its latest augmented reality smart glasses, Specs, priced at £1,995 in the UK and $2,195 in the US. Unlike many existing smart glasses, the device is designed to operate independently rather than relying on a connected smartphone. Digital content appears only when needed, overlaying information onto the wearer's view of the real world instead of replacing it. Snap Chief Executive Evan Spiegel said the goal is to let users remain engaged with their surroundings while accessing digital experiences.

Meta is also increasing its investment in wearable AI. The company has reportedly sold around seven million pairs of its Ray-Ban Meta smart glasses and recently introduced more affordable models. Reports also indicate Meta is evaluating audio-only smart glasses that could reduce some of the privacy concerns associated with built-in cameras.

Those concerns remain one of the biggest obstacles to wider adoption. Camera-equipped wearables have faced criticism after users were found recording people without their knowledge, despite recording indicator lights intended to alert those nearby. Privacy advocates continue to question whether visible indicators alone provide sufficient transparency in public spaces.

Apple could attempt to distinguish itself by relying heavily on on-device processing, allowing visual information to be analyzed locally rather than stored or transmitted to cloud servers. Such capabilities could enable users to identify objects, receive navigation guidance, ask questions about nearby landmarks or generate recipe suggestions based on ingredients already in their kitchen through simple voice interactions.

Analysts believe AI-powered wearables could gradually shift some everyday computing tasks away from smartphones. Even so, most expect the smartphone to remain central to digital life for the foreseeable future, with wearable devices evolving as complementary tools rather than direct replacements. Whether they ultimately reduce screen time or simply expand the ways people interact with technology remains an open question.

AI Agents Built to Detect Malware Can Be Manipulated Into Running It


 

AI agents capable of identifying malicious software can be manipulated by the AI Now Institute to execute it, according to new research. The proof-of-concept attack, known as "Friendly Fire," demonstrates that autonomous AI coding agents, such as Claude Code from Anthropic and Codex from OpenAI, can be deceived into running malicious code while performing open-source security reviews. 

AI agents can approve and execute commands independently of the user without requiring user confirmation for every action, which is what this attack targets. Researchers contend that the vulnerability does not lie in the software version used by these agents, but rather in the way they interpret and react to instructions embedded within untrusted repositories rather than exploiting a software vulnerability. 

A comparison with conventional supply-chain attacks that hide malicious code within a repository was made by the researchers, who noted that when static analysis and manual review are performed, the repository itself can appear to be completely free of malicious code. By introducing the malicious payload at execution time, the AI agent follows embedded instructions, so traditional security tools cannot detect this technique.

By adding a seemingly harmless README.md instruction to an open-source project that recommended running a script entitled security.sh before submitting a pull request, attackers modified it. By launching a malicious binary hidden within a legitimate compiled Go file, the script silently executed on the host computer without triggering security warnings or approval prompts, allowing the malicious binary to execute on the system. 

According to the researchers, the attack is successful because the AI agent recognizes the instructions as a legitimate step in the process of installing software rather than an attempt to exploit the system maliciously. Once the recommended script has been executed, the payload will run under the same permissions that were provided for the developer or AI agent, potentially exposing credentials, environment variables, and other sensitive information. 

The procedure differs from previous prompt injection attacks, which relied on configuration files and often generated trust warnings, as this technique hides instructions inside standard documentation that is regularly read by developers and AI agents. It has been reported that both Claude Code and OpenAI Codex followed the embedded instructions during testing, while newer AI models executed the disguised binary upon detecting differences between the source file and the compiled executable. 

A laboratory proof-of-concept has been demonstrated, with no evidence of active exploitation in the field. In addition to excluding the malicious payload, the publicly released demonstration code does not attempt privilege escalation or lateral movement. These findings indicate that autonomous AI agents pose a greater challenge in terms of design rather than a problem that can be resolved by simply updating software. 

It is becoming more common for organizations to employ AI-powered coding assistants to review third-party software. Researchers recommend treating AI coding agents as privileged software, rather than simply assistants. Autonomous agents should not be permitted to execute commands on untrusted repositories, least-privilege access policies should be enforced, AI workflows should be isolated in sandboxed environments, and human approval should be required before running scripts or binaries recommended by project documentation. 

In accordance with the researchers, the issue is not related to any particular AI model, but a broader trust problem affecting autonomous coding assistants capable of executing shell commands. In addition to creating new attack surfaces if they are unable to reliably distinguish legitimate instructions from content controlled by the attacker, AI agents are becoming increasingly capable of cloning repositories, installing dependencies, and resolving setup issues independently. 

As autonomous AI systems are increasingly adopted in the software development and cybersecurity sectors, prompt injection attacks remain a major security threat. This study adds to a growing body of evidence that prompt injection attacks remain one of the greatest security risks. In light of the increasing autonomy of AI agents, organizations must balance automation and strong oversight in order to balance automation and security workflows. 

AI-driven attack techniques cannot be effectively countered until artificial intelligence (AI) systems can reliably discriminate between trusted and malicious instructions. Human verification and secure execution environments will therefore remain critical safeguards.

Featured