Supply-chain attack using invisible code hits GitHub and other repositories
Quick Insights
The Bottom Line
Supply-chain attack using invisible code targets GitHub and other software repositories.
How This Affects You
If you use software or apps, this attack could potentially compromise programs you rely on daily.
AI Summary
Researchers from Aikido Security discovered a supply-chain attack that uploaded 151 malicious packages to GitHub and other code repositories, using invisible Unicode characters to hide malicious functions from detection. The attack ran from March 3 to March 9 and targeted the GitHub, NPM, and Open VSX repositories with code that appears normal in editors but contains hidden executable malware. The invisible-code technique renders traditional manual code reviews and existing security defenses nearly useless against these threats. Aikido first identified this tactic last year, but the recent campaign represents a significant escalation in the use of Unicode-based obfuscation. The attack follows the established pattern of mimicking legitimate code libraries to trick developers into incorporating malicious packages into their software projects.
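Because the characters described above do not render, a review has to look at code points rather than at the screen. The following is an added example, not code from Aikido or from the article: a small Node.js check that reports lines containing non-rendering characters. The character classes it flags, the `RUN_THRESHOLD` value, and the sample input are assumptions of this example.

```javascript
// Added example: a pre-merge check for characters that render as nothing.
// The character classes are this example's assumption, not a list from the article:
//   \p{Cf}  format characters (zero-width space/joiners, bidi controls, tag characters)
//   \p{Co}  private-use code points
//   variation selectors U+FE00-U+FE0F and U+E0100-U+E01EF
const INVISIBLE = /^[\p{Cf}\p{Co}\u{FE00}-\u{FE0F}\u{E0100}-\u{E01EF}]$/u;
const RUN_THRESHOLD = 8; // hypothetical tuning value: long runs rank above a lone joiner

function scanSource(text) {
  const findings = [];
  // A single leading byte-order mark is normal in some toolchains; do not flag it.
  const lines = text.replace(/^\uFEFF/, '').split(/\r?\n/);
  lines.forEach((line, idx) => {
    let col = 0, count = 0, run = 0, longestRun = 0, first = null;
    for (const ch of line) { // for...of walks code points, not UTF-16 units
      col += 1;
      if (INVISIBLE.test(ch)) {
        count += 1;
        run += 1;
        longestRun = Math.max(longestRun, run);
        if (first === null) {
          const hex = ch.codePointAt(0).toString(16).toUpperCase().padStart(4, '0');
          first = { column: col, codePoint: 'U+' + hex };
        }
      } else {
        run = 0;
      }
    }
    if (count > 0) {
      findings.push({
        line: idx + 1, column: first.column, codePoint: first.codePoint,
        count, longestRun,
        severity: longestRun >= RUN_THRESHOLD ? 'high' : 'review',
      });
    }
  });
  return findings;
}

// Constructed sample, built from escapes so every character in this listing is visible.
const run12 = Array.from({ length: 12 }, (_, i) => String.fromCodePoint(0xE0100 + i)).join('');
const SAMPLE = [
  '\uFEFFconst greet = (n) => "hi " + n;', // leading BOM: ignored
  'const blob = "' + run12 + '";',         // string that displays as empty
  'const label = "a\u200Bb";',             // one zero-width space
  'module.exports = { greet };',
].join('\n');

for (const f of scanSource(SAMPLE)) console.log(f);
```

A single flagged character can be legitimate (emoji sequences and some scripts use joiners), so `review` findings need a human look, while long runs inside string literals are the ones to block on.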
The Verity Ledger curates verified investigative journalism from trusted sources only.

