Ax Sharma

Canada, India, United Kingdom

Tech Reporter and Security Researcher at Bleeping Computer

Tech Reporter and Security Researcher at Security Boulevard

Infosec Researcher, Journalist | 📰 Bylines + seen on 📸 BBC, BleepingComputer, Channel 5, WaPo, TechCrunch, WIRED | Member @The_BAJ @CAJ | ✉️ Tips? [email protected]

Articles

Jira Down: Atlassian users experiencing degraded performance

1 week ago | bleepingcomputer.com | Ax Sharma

Atlassian users are experiencing degraded performance amid an 'active incident' affecting multiple Jira products since morning hours today. Jira, Jira Service Management, Jira Work Management and Jira Product Discovery are among the impacted products. Jira is a popular project management and issue tracking software solution used by workplaces to plan, track and manage workflows, specifically among Agile software development teams.
Multiple crypto packages hijacked, turned into info-stealers

4 weeks ago | sonatype.com | Ax Sharma

Sonatype has identified multiple npm cryptocurrency packages, latest versions of which have been hijacked and altered to steal sensitive information such as environment variables from the target victims. Some of these packages have lived on npmjs.com for over 9 years, and provide legitimate functionality to blockchain developers. However, our automated malware detection systems detected that the latest versions of each of these packages were laden with obfuscated scripts, raising alarms.
Multiple crypto packages hijacked, turned into info-stealers

4 weeks ago | securityboulevard.com | Ax Sharma

Sonatype has identified multiple npm cryptocurrency packages, latest versions of which have been hijacked and altered to steal sensitive information such as environment variables from the target victims. *** This is a Security Bloggers Network syndicated blog from 2024 Sonatype Blog authored by Ax Sharma. Read the original post at: https://www.sonatype.com/blog/multiple-crypto-packages-hijacked-turned-into-info-stealers
Fake VS Code extension on npm uses altered ScreenConnect utility as spyware

2 months ago | securityboulevard.com | Ax Sharma

A counterfeit ‘Truffle for VS Code’ extension, published on the npmjs registry, abuses the ConnectWise ScreenConnect remote desktop utility, allowing threat actors to compromise Windows systems that install the package. *** This is a Security Bloggers Network syndicated blog from 2024 Sonatype Blog authored by Ax Sharma. Read the original post at: https://www.sonatype.com/blog/fake-vs-code-extension-on-npm-uses-altered-screenconnect-utility-as-spyware
Fake VS Code extension on npm uses altered ScreenConnect utility as spyware

2 months ago | sonatype.com | Ax Sharma

A counterfeit 'Truffle for VS Code' extension, published on the npmjs registry, abuses the ConnectWise ScreenConnect remote desktop utility, allowing threat actors to compromise Windows systems that install the package. The real Truffle for VS Code extension on the Microsoft Visual Studio Marketplace has been installed around 80,000 times and also has its source code available on GitHub. The official GitHub repository also contains a private npm component called 'truffle-vscode'.
Fake Solana packages target crypto devs, abuse Slack & ImgBB for data theft

Jan 8, 2025 | securityboulevard.com | Ax Sharma

Recently discovered malicious packages on the npmjs.com registry named “solanacore,” “solana-login,” and “walletcore-gen” target Solana crypto developers with Windows trojans and malware capable of keylogging and sensitive data exfiltration. Furthermore, these packages abuse Slack web hooks and ImgBB APIs to transfer collected data to external actors.
Fake Solana packages target crypto devs, abuse Slack & ImgBB for data theft

Jan 8, 2025 | sonatype.com | Ax Sharma

Recently discovered malicious packages on the npmjs.com registry named "solanacore," "solana-login," and "walletcore-gen" target Solana crypto developers with Windows trojans and malware capable of keylogging and sensitive data exfiltration. Furthermore, these packages abuse Slack web hooks and ImgBB APIs to transfer collected data to external actors.
Counterfeit ESLint and Node 'types' libraries downloaded thousands of times abuse Pastebin

Dec 18, 2024 | securityboulevard.com | Ax Sharma

The legitimate ESLint packages on the npmjs.com registry are called “typescript-eslint” and “@typescript-eslint/eslint-plugin.” This has unscrupulous actors publishing a typosquat named “@typescript_eslinter/eslint” that very closely resembles the names of the real libraries, but is up to no good. The counterfeit component has been downloaded thousands of times.
Now BlueSky hit with crypto scams as it crosses 20 million users

Nov 21, 2024 | bleepingcomputer.com | Ax Sharma

As many more users are flocking to BlueSky from social media platforms like X/Twitter, so are threat actors. BleepingComputer has spotted cryptocurrency scams popping up on BlueSky just as the decentralized microblogging service surpassed 20 million users this week.
Amazon and Audible flooded with 'forex trading' and warez listings

Nov 20, 2024 | bleepingcomputer.com | Ax Sharma

Amazon, Amazon Music, and Audible, an Amazon-owned online audiobook and podcast service, have been flooded with bogus listings that push dubious "forex trading" sites, Telegram channels, and suspicious links claiming to offer pirated software. Amazon listings promote illicit sitesYesterday, BleepingComputer reported how threat actors were abusing Spotify playlists and podcasts to promote pirated software and game cheats.