#SupplyChainThreats

Malicious NuGet Package Linked to Industrial Espionage Targets Developers

by

March 26, 2024 at 01:33PM Threat hunters have flagged the suspicious “SqzrFramework480” package in NuGet, possibly linked to Chinese firm Bozhon Precision. The package contains a DLL file with features for taking screenshots, pinging a remote IP, and transmitting screenshots over a socket. While motives remain unclear, it highlights the risk of concealed malicious code … Read more

Cyber Insights 2024: Supply Chain 

by

February 20, 2024 at 09:03AM Cyber Insights 2024, an annual series by SecurityWeek, addresses evolving cybersecurity challenges. This year focuses on supply chain cybersecurity threats. It emphasizes the growing complexity and vulnerability of supply chains, driven by criminal and nation-state attackers. Government initiatives such as CISA’s SBOM aim to enhance transparency and security in the … Read more