CyberNotableConfirmedDeveloping
9.8
Unit 42 identifies TuxBot v3 IoT botnet utilizing LLM-assisted development
Palo Alto Unit 42HI·3 days ago
Threat actors injected malicious code into five versions of four AsyncAPI npm packages, successfully bypassing security checks by including valid provenance attestations. The malware executes upon module loading rather than installation, indicating a sophisticated supply chain compromise that undermines trust in automated build verification.