JavaScript

CoinMarketCap, Cointelegraph compromised to serve pop-ups to drain crypto wallets

CoinMarketCap, Cointelegraph compromised to serve pop-ups to drain crypto wallets 2025-06-23 at 16:38 By Zeljka Zorz The CoinMarketCap and CoinTelegraph websites have been compromised over the weekend to serve clever phishing pop-ups to visitors, asking them to verify/connect their crypto wallets. The CoinMarketCap compromise CoinMarketCap (aka CMC) is a website popular with crypto investors as […]

React to this headline:

Loading spinner

CoinMarketCap, Cointelegraph compromised to serve pop-ups to drain crypto wallets Read More »

Package hallucination: LLMs may deliver malicious code to careless devs

Package hallucination: LLMs may deliver malicious code to careless devs 2025-04-14 at 15:46 By Zeljka Zorz LLMs’ tendency to “hallucinate” code packages that don’t exist could become the basis for a new type of supply chain attack dubbed “slopsquatting” (courtesy of Seth Larson, Security Developer-in-Residence at the Python Software Foundation). A known occurrence Many software

React to this headline:

Loading spinner

Package hallucination: LLMs may deliver malicious code to careless devs Read More »

PRevent: Open-source tool to detect malicious code in pull requests

PRevent: Open-source tool to detect malicious code in pull requests 2025-02-20 at 16:52 By Zeljka Zorz Apiiro security researchers have released open source tools that can help organizations detect malicious code as part of their software development lifecycle: PRevent (a scanner for pull requests), and a malicious code detection ruleset for Semgrep and Opengrep static

React to this headline:

Loading spinner

PRevent: Open-source tool to detect malicious code in pull requests Read More »

Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups

Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups 2024-10-31 at 14:38 By Zeljka Zorz A supply chain compromise involving Lottie Player, a widely used web component for playing site and app animations, has made popular decentralized finance apps show pop-ups urging users to connect their wallets, TradingView has reported. The pop-up (Source:

React to this headline:

Loading spinner

Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups Read More »

Scroll to Top