Threat Research Round-Up | Q4 2024

  • Published on 10 Jan 2025
  • As we enter 2025, cyber threats to the software supply chain continue to evolve, exploiting popular platforms and tools to infiltrate systems and disrupt workflows.
    In this Q4 threat research roundup, threat research experts from ReversingLabs dissect the most significant findings of Q4 2024, including:
    ✓ Malicious PyPI packages, such as aiocpa, that pose as legitimate applications for months before turning malicious.
    ✓ Campaigns targeting widely used open source libraries, such as the compromises of the @solana/web3.js and @lottiefiles/lottie-player npm packages and the ultralytics PyPI package, comprising millions of downloads and thousands of dependent projects.
    ✓ Malicious VSCode extensions impersonating popular apps like Zoom to compromise developer environments.
    ✓ Malicious supply chain campaigns targeting cryptocurrency applications and infrastructure and what they tell us about the evolution of supply chain risks.
    ✓ A VSCode and npm-based campaign set to disrupt workflows in 2025.
    Our quarterly research round-up features actionable insights from ReversingLabs' researchers and real-world examples of threats and attacks.
    About RL:
    ReversingLabs is the trusted name in file and software security, to verify and deliver safe binaries. With the largest Threat Repository in the industry with over 40 billion searchable files, the Fortune 500 trusts their software supply chain security and malware analysis with ReversingLabs. Learn more: www.reversingl...
    RL - Trust Delivered.
    Be sure to subscribe to RL and follow us on social media →
    / reversinglabs
