Tag: malicious

44 Aqua Security repositories defaced after Trivy supply chain breach

Mar 23, 2026 4:47 PM

Tags: breach, container, docker, github, malicious, malware, risk, supply-chain

Malicious Trivy images on Docker Hub spread infostealer malware, exposing developers after a supply chain attack. Researchers found malicious Trivy images on Docker Hub linked to a supply chain attack. Versions 0.69.40.69.6, now removed, contained TeamPCP infostealer code. Suspicious tags were pushed without matching GitHub releases, increasing the risk to developers using compromised container images.…
Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper

Mar 23, 2026 10:47 AM

Tags: attack, container, cybersecurity, docker, kubernetes, malicious, radius, supply-chain, worm

Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments.The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4, 0.69.5, and 0.69.6 have since been removed from the container image library.”New image tags 0.69.5 and…
Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

Mar 23, 2026 8:47 AM

Tags: cve, cybersecurity, data-breach, exploit, flaw, hacker, malicious, threat

Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to Arctic Wolf.The cybersecurity company said it observed malicious activity starting the week of March 9, 2026, in customer environments that’s consistent with the exploitation of CVE-2025-32975 on unpatched SMA systems exposed to the internet. It’s…
When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com Part Three

Mar 22, 2026 9:10 PM

Tags: access, api, data, detection, encryption, group, injection, leak, malicious, malware, monitoring, network, risk, software, threat, tool, windows

Dear blog readers, Continuing the “When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com – Part Two” blog post series in this post I’ll continue analyzing the next malicious software binary which I obtained by data mining Conti Leaks with a lot of success. …
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 89

Mar 22, 2026 12:09 PM

Tags: ai, backdoor, international, malicious, malware, ransomware, tool, ukraine, wordpress

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter New Payload ransomware malware analysis DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation AI Coding Tools Under Fire: […]…
CanisterWorm: The Self-Spreading npm Attack That Uses a Decentralized Server to Stay Alive

Mar 22, 2026 12:09 AM

Tags: attack, group, malicious, threat, unauthorized, update, worm

On March 20, 2026 at 20:45 UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were receiving unauthorized patch updates, all containing the same hidden malicious code. What they had caught was CanisterWorm, a self-spreading npm worm deployed by the threat actor group TeamPCP. We track this……
Trivy Vulnerability Scanner Compromised to Inject Malicious Scripts That Steal Credentials

Mar 21, 2026 11:09 AM

Tags: attack, breach, credentials, cyber, github, malicious, security-incident, supply-chain, vulnerability

A highly sophisticated supply chain attack has successfully compromised the official Trivy GitHub Actions repository, severely impacting continuous integration environments. Discovered on March 19, 2026, this breach represents the second major security incident to strike the Trivy ecosystem this month following a prior credential theft. Attackers effectively hijacked 75 out of 76 version tags, transforming…
Trivy Vulnerability Scanner Compromised to Inject Malicious Scripts That Steal Credentials

Mar 21, 2026 11:09 AM

Tags: attack, breach, credentials, cyber, github, malicious, security-incident, supply-chain, vulnerability

A highly sophisticated supply chain attack has successfully compromised the official Trivy GitHub Actions repository, severely impacting continuous integration environments. Discovered on March 19, 2026, this breach represents the second major security incident to strike the Trivy ecosystem this month following a prior credential theft. Attackers effectively hijacked 75 out of 76 version tags, transforming…
Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

Mar 21, 2026 8:09 AM

Tags: access, attack, breach, cloud, control, credentials, crypto, data, detection, docker, email, exploit, github, kubernetes, malicious, malware, network, risk, supply-chain, vulnerability

Attackers look for development secrets: On GitHub Actions runners, the credential stealer reads the process memory to extract secrets and searches the filesystem for SSH keys, cloud provider credentials, Kubernetes tokens, Docker registry configurations, and cryptocurrency wallets.The stolen data is encrypted and sent to a typosquatted domain that mimics Aqua Security’s legitimate site. If this…
Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

Mar 21, 2026 8:09 AM

Tags: access, attack, breach, cloud, control, credentials, crypto, data, detection, docker, email, exploit, github, kubernetes, malicious, malware, network, risk, supply-chain, vulnerability

Attackers look for development secrets: On GitHub Actions runners, the credential stealer reads the process memory to extract secrets and searches the filesystem for SSH keys, cloud provider credentials, Kubernetes tokens, Docker registry configurations, and cryptocurrency wallets.The stolen data is encrypted and sent to a typosquatted domain that mimics Aqua Security’s legitimate site. If this…
Chrome Security Update Fixes 26 Vulnerabilities Enabling Remote Malicious Code Execution

Mar 20, 2026 2:09 PM

Tags: browser, chrome, cyber, google, linux, macOS, malicious, update, vulnerability, windows

Google has released a critical security update for its Chrome desktop web browser, addressing 26 distinct vulnerabilities that could enable attackers to execute malicious code remotely. The Stable channel update introduces versions 146.0.7680.153 and 146.0.7680.154 for Windows and macOS systems, while Linux environments will receive version 146.0.7680.153. This substantial patch cycle is actively rolling out…
Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

Mar 20, 2026 2:09 PM

Tags: api, attack, exploit, flaw, malicious, rce, remote-code-execution, vulnerability

Sansec is warning of a critical security flaw in Magento’s REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover.The vulnerability has been codenamed PolyShell by Sansec owing to the fact that the attack hinges on disguising malicious code as an image. There is no evidence that…
Apple urges iPhone users to update as Coruna and DarkSword exploit kits emerge

Mar 20, 2026 1:10 PM

Tags: apple, attack, exploit, infection, iphone, malicious, risk, update, vulnerability

Apple warns that outdated iPhones are vulnerable to Coruna and DarkSword exploit kits and urges users to update iOS. Apple has warned that iPhones running outdated iOS versions are at risk from exploit kits like Coruna and DarkSword. These attacks use malicious web content to trigger infection chains that can steal sensitive data. Users are…
What to Do When Your Website Is Under a DDoS Attack

Mar 20, 2026 11:09 AM

Tags: attack, business, ddos, malicious, network, service

A Distributed Denial-of-Service (DDoS) attack can disrupt your website within minutes, making it inaccessible to users and impacting business operations. These attacks flood your server or network with massive volumes of malicious traffic, overwhelming resources and preventing legitimate users from accessing your services. With DDoS attacks becoming more frequent and sophisticated, businesses must act quickly……
Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks

Mar 20, 2026 7:10 AM

Tags: apple, attack, exploit, infection, iphone, malicious, theft, update, vulnerability

Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful exploit kits like Coruna and DarkSword.These attacks employ malicious web content to target out-of-date versions of iOS, triggering an infection chain that leads to the theft of sensitive data.”For…
Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks

Mar 20, 2026 7:10 AM

Tags: apple, attack, exploit, infection, iphone, malicious, theft, update, vulnerability

Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful exploit kits like Coruna and DarkSword.These attacks employ malicious web content to target out-of-date versions of iOS, triggering an infection chain that leads to the theft of sensitive data.”For…
CISA urges IT to harden endpoint management systems after cyberattack by pro-Iranian group

Mar 20, 2026 5:11 AM

Tags: access, attack, authentication, best-practice, breach, cisa, control, credentials, cyberattack, defense, endpoint, exploit, group, identity, incident response, intelligence, iran, least-privilege, login, malicious, malware, mfa, microsoft, monitoring, network, phishing, ransomware, risk, threat, tool, unauthorized, update

Hardening endpoint management systems: CISA advises IT leaders to:use principles of least privilege access when designing administrative roles for endpoint management systems. For Intune systems, there is role-based access control limiting what actions a role can take, what users the actions are applied to, and which devices are covered;enforce phishing-resistant multi-factor authentication (MFA) and privileged…
CISA urges IT to harden endpoint management systems after cyberattack by pro-Iranian group

Mar 20, 2026 5:11 AM

Tags: access, attack, authentication, best-practice, breach, cisa, control, credentials, cyberattack, defense, endpoint, exploit, group, identity, incident response, intelligence, iran, least-privilege, login, malicious, malware, mfa, microsoft, monitoring, network, phishing, ransomware, risk, threat, tool, unauthorized, update

Hardening endpoint management systems: CISA advises IT leaders to:use principles of least privilege access when designing administrative roles for endpoint management systems. For Intune systems, there is role-based access control limiting what actions a role can take, what users the actions are applied to, and which devices are covered;enforce phishing-resistant multi-factor authentication (MFA) and privileged…
Sonatype Discovers Two Malicious npm Packages

Mar 20, 2026 1:10 AM

Tags: malicious

<div cla Sonatype Security Research has identified a potential compromise of a trusted npm maintainer account that has now published two malicious npm packages, sbx-mask and touch-adv, designed to exfiltrate secrets from victims’ computers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/sonatype-discovers-two-malicious-npm-packages/
Sonatype Discovers Two Malicious npm Packages

Mar 20, 2026 1:10 AM

Tags: malicious

<div cla Sonatype Security Research has identified a potential compromise of a trusted npm maintainer account that has now published two malicious npm packages, sbx-mask and touch-adv, designed to exfiltrate secrets from victims’ computers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/sonatype-discovers-two-malicious-npm-packages/
Breach Roundup: Fancy Bear in Schmancy OpSec Failure

Mar 20, 2026 12:10 AM

Tags: attack, breach, china, exploit, hacker, interpol, malicious, microsoft, russia, windows

Also, Telus Breach, Microsoft Hotpatching, Interpol Malicious IP Takedown. This week, Russian hacker OpSec failure, Interpol helped disrupt 45,000 malicious IPs, the FBI is looking for an ATM jackpotting suspect and Telus disclosed a breach. Windows hotpatching, an FTP exploit, a foiled attack on a nuclear research center and China-linked espionage. First seen on govinfosecurity.com…
Breach Roundup: Fancy Bear in Schmancy OpSec Failure

Mar 20, 2026 12:10 AM

Tags: attack, breach, china, exploit, hacker, interpol, malicious, microsoft, russia, windows

Also, Telus Breach, Microsoft Hotpatching, Interpol Malicious IP Takedown. This week, Russian hacker OpSec failure, Interpol helped disrupt 45,000 malicious IPs, the FBI is looking for an ATM jackpotting suspect and Telus disclosed a breach. Windows hotpatching, an FTP exploit, a foiled attack on a nuclear research center and China-linked espionage. First seen on govinfosecurity.com…
Ransomware group exploited Cisco firewall vulnerability as a zero day, weeks before a patch appeared

Mar 19, 2026 9:10 PM

Tags: attack, cisco, cve, defense, exploit, firewall, government, group, healthcare, infrastructure, malicious, malware, ransom, ransomware, service, software, tool, update, vulnerability, zero-day

CSO that the “week’s head start” he referred to was the gap between the date of the first exploit that Amazon’s later analysis had unearthed and Cisco’s discovery of the bug.Amazon gained insight into the attacker’s infrastructure by using the honeypot to mimic a vulnerable firewall system. This resulted in an attack on the honeypot,…
CISA Calls on Organizations to Strengthen Microsoft Intune Security After Stryker Incident

Mar 19, 2026 3:09 PM

Tags: cisa, cyber, cyberattack, cybersecurity, endpoint, infrastructure, malicious, microsoft, technology

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert calling on organizations to aggressively harden their endpoint management systems. Released on March 18, 2026, the critical warning follows a significant cyberattack against U.S.-based medical technology provider Stryker Corporation. The agency observed malicious actors actively targeting endpoint management platforms, explicitly misusing legitimate administrative…
Claude Vulnerabilities Allow Data Exfiltration and Malicious Redirect Attacks

Mar 19, 2026 2:10 PM

Tags: attack, cyber, data, exploit, flaw, injection, malicious, tool, vulnerability

Security researchers recently uncovered a critical attack chain within Anthropic’s Claude.ai platform. Dubbed >>Claudy Day,<< this vulnerability sequence allows attackers to silently extract sensitive user data through prompt manipulation and malicious redirects. The exploit requires no external integrations or specialized tools, functioning entirely within a default Claude session. Anthropic has patched the prompt injection flaw…
Fake Windsurf IDE Extension Uses Solana Blockchain to Steal Developer Data

Mar 19, 2026 1:10 PM

Tags: blockchain, cybersecurity, data, malicious

Cybersecurity researchers at Bitdefender have discovered a malicious Windsurf IDE extension using the Solana blockchain to steal developer credentials. First seen on hackread.com Jump to article: hackread.com/windsurf-ide-extension-solana-blockchain-developer-data/
Pyronut Package Backdoors Telegram Bots With RCE

Mar 19, 2026 12:10 PM

Tags: api, backdoor, cyber, framework, malicious, pypi, rce, remote-code-execution

Malicious ‘Pyronut’ is a trojanized Python package that backdoors Telegram bots and userbots, giving attackers remote code execution over both the Telegram session and the underlying host system.”‹ The malicious package , pyronut , was uploaded to PyPI as a fake alternative to pyrogram, a widely used Telegram MTProto API framework with around 370,000 monthly downloads. Instead of…
OpenWebUI Servers Targeted in Attacks Using AI Payloads to Steal Data

Mar 19, 2026 12:10 PM

Tags: ai, attack, cyber, data, intelligence, malicious, threat, tool

A recent campaign has targeted improperly secured Open WebUI systems, allowing threat actors to deploy malicious artificial intelligence payloads. Open WebUI is a highly popular self-hosted interface designed to enhance large language models. Shodan scans reveal over 17,000 active instances globally, making it a lucrative target for scanning attackers. By abusing the Open WebUI Tools…
Your MFA isn’t broken, it’s being bypassed, and your employees can’t tell the difference

Mar 19, 2026 11:09 AM

Tags: access, attack, authentication, awareness, breach, credentials, cryptography, defense, detection, email, fido, finance, google, Hardware, identity, jobs, linkedin, login, malicious, mfa, microsoft, monitoring, passkey, password, phishing, service, theft, threat, vulnerability

Three failures that keep showing up: Through my research into adversary-in-the-middle attacks and reviewing industry incident reports, I have identified three consistent failures that make these attacks successful. 1. We trained our people for the wrong threat Most security awareness programs still teach the same things: Look for misspellings, check the sender address, hover over…
Your MFA isn’t broken, it’s being bypassed, and your employees can’t tell the difference

Mar 19, 2026 11:09 AM

Tags: access, attack, authentication, awareness, breach, credentials, cryptography, defense, detection, email, fido, finance, google, Hardware, identity, jobs, linkedin, login, malicious, mfa, microsoft, monitoring, passkey, password, phishing, service, theft, threat, vulnerability

Three failures that keep showing up: Through my research into adversary-in-the-middle attacks and reviewing industry incident reports, I have identified three consistent failures that make these attacks successful. 1. We trained our people for the wrong threat Most security awareness programs still teach the same things: Look for misspellings, check the sender address, hover over…