Tag: malicious
-
Open VSX Extension Delivers RAT and Stealer via GitHub Downloader
An Open VSX extension used by thousands of developers has been caught silently pulling a full-featured remote access trojan and infostealer from GitHub. The KhangNghiem/fast-draft extension, listed on open-vsx.org and tracked at over 26,000 downloads as of March 17, 2026, contained multiple malicious releases that executed a GitHub-hosted downloader and fetched a second-stage payload from…
-
Your APIs are under siege, and attackers are just getting warmed up
Internet-facing systems are handling sustained levels of malicious traffic across APIs, web applications, and DDoS channels. Akamai’s State of the Internet security report … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/19/akamai-api-attack-trends-report/
-
Trump’s National Cyber Strategy Leaves Industry Role Unclear
White House Cyber Strategy Urges Deeper Industry Partnership Without Defining Roles. The administration’s cyber strategy pushes deeper public-private coordination and expanded threat visibility across critical infrastructure, but lacks specifics on operational roles, incentives and legal protections needed for industry to actively disrupt malicious activity. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/trumps-national-cyber-strategy-leaves-industry-role-unclear-a-31075
-
Researchers found font-rendering trick to hide malicious commands
Researchers found a way to trick AI assistants into missing dangerous user instructions on a website. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/researchers-found-font-rendering-trick-to-hide-malicious-commands/
-
Technical Analysis of SnappyClient
Tags: access, antivirus, api, attack, browser, chrome, cloud, communications, computer, control, credentials, crypto, data, defense, detection, encryption, endpoint, finance, framework, github, infection, injection, jobs, login, malicious, malware, network, password, software, startup, theft, threat, update, windowsIntroductionIn December 2025, Zscaler ThreatLabz identified a new command-and-control (C2) framework implant that we track as SnappyClient, which was delivered using HijackLoader. SnappyClient has an extended list of capabilities including taking screenshots, keylogging, a remote terminal, and data theft from browsers, extensions, and other applications. In this blog post, ThreatLabz provides a technical analysis of SnappyClient, including…
-
Claude Code Security and Magecart: Getting the Threat Model Right
When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it because the malicious code never actually touches your repo. As teams adopt Claude Code Security for static analysis, this is the exact technical boundary where AI code scanning stops and client-side runtime execution begins.A…
-
Fake Telegram Download Site Delivers Stealthy In-Memory Malware Loader
A newly discovered malware campaign is exploiting user trust in Telegram by distributing a trojanized installer through a typosquatted website, telegrgam[.]com. The site closely mimics the official Telegram download portal and delivers a malicious executable named tsetup-x64.6.exe, making it appear legitimate to unsuspecting users. Once downloaded and executed, the installer initiates a multi-stage attack chain while…
-
prompted: Key Insights from the AI Security Practitioners Conference FireTail Blog
Tags: ai, api, application-security, attack, automation, conference, cybersecurity, data, defense, detection, exploit, google, infrastructure, injection, LLM, malicious, malware, monitoring, openai, risk, strategy, theft, threat, tool, training, update, vulnerability, zero-dayMar 17, 2026 – Jeremy Snyder – The State of AI Security: Moving Beyond TheoryThe biggest shift evident at the [un]prompted AI Security Practitioners Conference was the move from purely theoretical discussions about “what could go wrong” to concrete, battle-tested methodologies for “what is going wrong and how we fix it.” It’s clear that AI…
-
prompted: Key Insights from the AI Security Practitioners Conference FireTail Blog
Tags: ai, api, application-security, attack, automation, conference, cybersecurity, data, defense, detection, exploit, google, infrastructure, injection, LLM, malicious, malware, monitoring, openai, risk, strategy, theft, threat, tool, training, update, vulnerability, zero-dayMar 17, 2026 – Jeremy Snyder – The State of AI Security: Moving Beyond TheoryThe biggest shift evident at the [un]prompted AI Security Practitioners Conference was the move from purely theoretical discussions about “what could go wrong” to concrete, battle-tested methodologies for “what is going wrong and how we fix it.” It’s clear that AI…
-
Hijacked npm Packages Deliver Malware via Solana, Linked to Glassworm
<div cla Sonatype Security Research has identified two hijacked npm packages in the React Native ecosystem that receive more than 30,000 downloads collectively per week and were modified to deliver multi-stage malware. Sonatype is tracking the malicious packages as sonatype-2026-001153. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/hijacked-npm-packages-deliver-malware-via-solana-linked-to-glassworm/
-
‘CursorJack’ Attack Path Exposes Code Execution Risk in AI Development Environment
CursorJack shows how malicious MCP deeplinks in Cursor IDE can trigger user-approved code execution First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cursor-jack-attack-path-ai/
-
New font-rendering trick hides malicious commands from AI tools
A new font-rendering attack causes AI assistants to miss malicious commands shown on webpages by hiding them in seemingly harmless HTML. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-font-rendering-trick-hides-malicious-commands-from-ai-tools/
-
Glassworm Malware Infects Popular React Native npm Packages
Tags: attack, country, credentials, cyber, international, malicious, malware, phone, supply-chain, windowsA new Glassworm-linked supply chain attack has briefly turned two popular React Native npm packages into delivery vehicles for Windows credential-stealing malware. On March 16, 2026, malicious versions of AstrOOnauta’s react-native-country-select@0.3.91 and react-native-international-phone-number@0.11.8 were published to npm, each embedding an identical staged loader that executes during a routine npm install. Together, these packages account for…
-
Glassworm Malware Infects Popular React Native npm Packages
Tags: attack, country, credentials, cyber, international, malicious, malware, phone, supply-chain, windowsA new Glassworm-linked supply chain attack has briefly turned two popular React Native npm packages into delivery vehicles for Windows credential-stealing malware. On March 16, 2026, malicious versions of AstrOOnauta’s react-native-country-select@0.3.91 and react-native-international-phone-number@0.11.8 were published to npm, each embedding an identical staged loader that executes during a routine npm install. Together, these packages account for…
-
Packagist Themes Deliver Trojanized jQuery in OphimCMS Supply Chain Attack
A new OphimCMS supply chain attack in which six Packagist themes ship trojanized jQuery and other JavaScript to compromise site visitors rather than servers.”‹ Researchers found six malicious Composer packages under the “ophimcms” namespace on Packagist that pretend to be legitimate themes for OphimCMS, a Vietnamese-language Laravel CMS used for movie streaming sites. These packages…
-
Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware
Tags: access, email, group, hacking, intelligence, malicious, malware, north-korea, phishing, spear-phishing, threatNorth Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim’s KakaoTalk desktop application to distribute malicious payloads to certain contacts.The activity has been attributed by South Korean threat intelligence firm Genians to a hacking group referred to as Konni.”Initial access was achieved through a spear-phishing email disguised…
-
Angular XSS Vulnerability Threatens Thousands of Web Applications
A high-severity Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2026-32635, has been discovered in Angular, one of the world’s most widely used web application frameworks. This flaw resides in the Angular runtime and compiler and affects internationalisation (i18n) attribute bindings. If exploited, it allows threat actors to bypass built-in sanitisation mechanisms and cleanly inject malicious scripts…
-
Heading to RSA Conference 2026? Mark your Calendar and Meet Thales!
Tags: access, ai, application-security, attack, communications, compliance, conference, container, control, cybersecurity, data, defense, firewall, framework, GDPR, google, HIPAA, iam, ibm, injection, LLM, malicious, risk, tool, vulnerabilityHeading to RSA Conference 2026? Mark your Calendar and Meet Thales! madhav Tue, 03/17/2026 – 05:14 The countdown is on. From March 2326, the cybersecurity community will gather once again at the Moscone Center in San Francisco, and Thales will be at the heart of it. Cybersecurity Chad Couser – Director Marketing Communications Thales More…
-
Hackers Leverage Safe Links and URL Rewriting to Evade Detection
Threat actors were already abusing URL rewriting mechanisms in phishing campaigns to mask malicious domains. URL rewriting is designed to protect users by replacing original links with security-vendor URLs that scan destinations at click time. These rewritten links route traffic through the provider’s infrastructure so they can analyze the page in real time, block known…
-
Malicious NPM Packages Spread PylangGhost RAT in Supply Chain Attack
Malicious npm packages are delivering the North Koreanlinked PylangGhost remote access trojan (RAT) in a new software supply chain campaign that targets developers across Windows, Linux, and macOS systems. The first malicious versions appeared in late February 2026 (@jaime9008/math-service 1.0.11.0.2), followed by react-refresh-update 1.0.11.0.4 published on March 1, 2026. Earlier 1.0.0 versions in both families were benign, a…
-
Hackers Abuse Trusted Websites in New Attacks on Microsoft Teams Users
Threat actors are increasingly turning to trusted infrastructure to launch their attacks, making it harder for automated security tools to flag malicious activity. A newly identified phishing campaign highlights this growing trend by abusing compromised websites to harvest valuable corporate credentials. Cybersecurity researchers have uncovered a sophisticated new phishing campaign where attackers hijack legitimate websites…
-
CISA Alerts Users to Exploited Chrome 0-Day Flaws
Tags: browser, chrome, cisa, cyber, cybersecurity, exploit, flaw, google, infrastructure, kev, malicious, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two highly critical zero-day vulnerabilities. These flaws, which primarily affect Google Chrome and its underlying technologies, are currently being exploited in the wild by malicious actors. As a result, CISA has added both security issues to its Known Exploited Vulnerabilities (KEV) catalog,…
-
Microsoft Issues Emergency Patch for Critical Windows 11 RRAS Vulnerabilities
Microsoft releases an out-of-band hotpatch for critical Windows 11 RRAS vulnerabilities that could allow remote code execution through malicious remote servers. The post Microsoft Issues Emergency Patch for Critical Windows 11 RRAS Vulnerabilities appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-windows-11-rras-vulnerabilities-hotpatch/
-
GlassWorm Malware Evolves to Hide in Dependencies
Researchers have identified dozens of malicious GlassWorm extensions that come with new evasion techniques. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/glassworm-malware-evolves-hide-dependencies