NPM Supply Chain Attack, Fake Europol Bounty, and Operation Secure

On this episode of Leaky Weekly, host and security researcher Nick Ascoli covers the NPM supply chain attack, fake Europol bounty, and Operation Secure.

Here are the resources on the stories:

• Largest NPM attack in crypto history stole less than $50: SEAL (Cointelgraph)
• Breakdown: Widespread npm Supply Chain Attack Puts Billions of Weekly Downloads at Risk (Palo Alto Networks)
• The largest supply-chain attack ever… (Fireship, The Code Report)
• 2 Billion npm Downloads at Risk From Crypto Malware: A Wake-Up Call for Open-Source Supply Chain Security (OPSWAT)
• Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack (The Hacker News)
• Europol confirms $50,000 Qilin ransomware reward is fake (BleepingComputer)
• 20,000 malicious IPs and domains taken down in INTERPOL infostealer crackdown (INTERPOL)
• Operation Secure: Trend Micro's Threat Intelligence Fuels INTERPOL's Infostealer Infrastructure Takedown  (Trend Micro)

Brought to you by Flare, Threat Exposure Management solution and industry-leading dataset on cybercrime that integrates into your security program in 30 minutes. Check out what’s on the dark web (and more) about your organization.

Check out Flare Academy:

• Our free training series led by experts on critical topics such as threat intelligence, operational security, and advanced investigation techniques (earn CPE credits towards cybersecurity certifications)
• Our Discord community is a space to learn from and with cybersecurity professionals (including Nick!) and students, check out previous training resources, and keep up with upcoming training