Miasma Worm Source Code Leaked + What NPM v12 Means for Developers | Threat Wire
The Miasma worm, detected on June 8th, compromised 73 Microsoft packages by exploiting GitHub as a command-and-control server and executing malicious lifecycle scripts to steal tokens and destroy developer machines. In response to this supply chain crisis, NPM v12 introduces mandatory explicit approval for install scripts to prevent the automatic execution of code that previously allowed worms like Shai Hulud to infect systems without user interaction. While the worm utilized eight modules to exfiltrate data via slow and fast execution paths, the new NPM framework aims to restore security by forcing developers to review and authorize these scripts before installation. This shift marks a critical evolution in package management, moving from permissive defaults to a model where every dependency requires active consent to mitigate widespread credential theft and system compromise.
Black Hat Europe 2025 | Taking Over Your Amazon Account With A Kindle
A security researcher demonstrated that malicious audiobooks published to the Kindle store can compromise Amazon accounts by exploiting vulnerabilities in the AAX file parser. The attack leverages the ISO-based media file format to bypass modern mitigations, allowing attackers to extract session cookies and execute code without requiring a jailbreak. This vulnerability enables credential theft, credit card fraud, and lateral movement to other devices on the user's network. The research highlights that despite improved security measures, the Kindle OS still relies on an outdated libc version 2.20 and lacks sufficient process segmentation, creating a high-impact attack surface for millions of users.