Tag: malicious
-
North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels
Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview (aka Famous Chollima, HexagonalRodent, and Void Dokkaebi).According to a report published by Proofpoint, the threat actor has been found orchestrating phishing campaigns using developer role recruitment or code review themes First seen on…
-
Supply Chain Attack Hits Popular WordPress Plugins Through Awesome Motive CDN
Attackers compromised Awesome Motive CDN files, backdooring WordPress sites running OptinMonster, TrustPulse, and PushEngage. Sansec researchers discovered an active supply chain attack hitting WordPress sites running OptinMonster, TrustPulse, and PushEngage, three plugins operated by Awesome Motive, one of the largest WordPress plugin companies in the world. The malicious JavaScript wasn’t sitting on any victim’s server.…
-
New Agentjacking Attack Hijacks AI Coding Agents to Execute Malicious Code
A newly disclosed Agentjacking attack class can silently weaponize AI coding agents against the very developers who rely on them, requiring no phishing, no server compromise, and no user interaction beyond a developer’s normal workflow of asking their AI assistant to investigate errors. Tenet Security’s Threat Labs developed and validated the technique, demonstrating how a…
-
Malicious 152 Chrome Extensions Caught Spoofing Google Organic Search Traffic
A massive, coordinated network of 152 malicious Google Chrome browser extensions has been dismantled after researchers caught the operation generating fake organic Google search traffic. Socket’s Threat Research Team discovered the operation spanning 38 separate Chrome Web Store publisher accounts and tracing back to three primary brand backends: tabplugins[.]com, yowgames[.]com, and chromewallpaper[.]com. Disguised as benign…
-
Google Sues Chinese Phishing Service Over Gemini Abuse
Complaint Says Service Generated More Than 1.5 Million Malicious URLs. Google has sued a Chinese phishing-as-a-service provider accused of teaching customers to use Gemini to generate and customize scam websites, a campaign linked to more than 1.59 million phishing URLs, over 100,000 victims, and widespread credential and financial theft. First seen on govinfosecurity.com Jump to…
-
Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code
Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running arbitrary code on developer machines.Called Agentjacking by Tenet Security, the attack can be triggered by means of a fake error report crafted using Sentry, an open-source error-tracking and performance-monitoring platform.”The attack First…
-
Hackers Use Typosquatted npm Packages to Target Web3 Projects and Crypto Wallet Operators
Hackers have been using typosquatting npm packages to weaponize the trust Web3 teams place in open-source dependencies, turning routine installs into a path for wallet theft, secret harvesting, and staged malware delivery. The campaign is especially dangerous because it blends familiar Ethereum and blockchain branding with postinstall and preinstall abuse, allowing malicious code to execute…
-
Attackers Can Exploit Microsoft Outlook and Word Flaws to Run Malicious Code
Microsoft has disclosed a set of critical remote code execution (RCE) vulnerabilities affecting Outlook and Word that could allow attackers to execute arbitrary code on targeted systems. The flaws, tracked as CVE-2026-45456, CVE-2026-45458, and CVE-2026-47635, were released on June 9, 2026, and carry high severity ratings with CVSS scores of 8.4. Security researchers warn that…
-
Fake Windows and Office Activation Videos Spread Infostealers on TikTok and Instagram
Short-form video platforms such as TikTok and Instagram Reels have become an increasingly effective vector for distributing infostealers, as threat actors leverage polished tutorial-style clips to trick Windows users into running malicious code. Attackers create accounts with Windows-like naming and branding, then post short, high-production-value videos that mimic authentic support or how-to content. The posts…
-
The assembly line behind 1.5 million malicious domains
Tags: maliciousAttackers registered roughly 1.5 million malicious domains during the first five months of 2026. The registration patterns resemble industrial output. Most of the domains were … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/12/malicious-domain-registration-research/
-
Solana FakeFix Campaign Plants Malicious npm, PyPI Packages to Steal Dev Secrets
Recent disclosure of the “Solana FakeFix” campaign exposes a coordinated supply-chain attack that abused package registries to steal developer secrets. The campaign comprises 16 malicious npm packages and 4 PyPI packages (25 packages in total when combined with related activity) that impersonated Solana tooling, lodged typosquatted names, and used install- and import-time execution to harvest…
-
FIFA World Cup expected to face extensive criminal, hacktivist cyber threats
Researchers warn that thousands of malicious domains are already in place, as fans and tournament organizers face potential attacks. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/fifa-world-cup-criminal-hacktivist-cyber-threat/822638/
-
GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
GitHub has announced what it said are “breaking changes” coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats.The changes aim to combat attack techniques that abuse the “npm install” command to trigger the execution of malicious code using npm lifecycle hooks. “Npm install” is…
-
PoC Exploit Released for Linux Kernel GuestHost Escape Vulnerability
A proof-of-concept (PoC) exploit has been publicly released for a critical Linux kernel vulnerability, tracked as CVE-2026-46316, enabling guest-to-host escape in KVM/arm64 environments. The flaw, dubbed “ITScape” by security researcher Hyunwoo Kim (V4bel), affects the Kernel-based Virtual Machine (KVM) subsystem and allows a malicious guest virtual machine to execute arbitrary commands on the host with…
-
New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing
A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST, needs no native code, no extension, and no permission prompt.You open the page, leave the tab sitting there, and it watches the drive for contention in…
-
Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer
The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target specific ecosystems.”The compromised releases shipped a *-setup.pth file that attempts to execute…
-
NFCShare Android Malware Spreads via Weaponized Banking Apps
A renewed and operationally refined wave of the NFCShare Android banking trojan that delivers NFC card-data theft by masquerading as legitimate banking applications. First documented in January 2026, NFCShare continues to rely on a social”‘engineering phishing flow that coerces victims into sideloading malicious APKs; since 14 May 2026 the campaign has pivoted to Italian and…
-
Shai-Hulud Malware Campaign Abuses 23 PyPI Packages in Developer-Focused Attack
A rapidly evolving supply chain campaign dubbed “Shai-Hulud” is targeting developers through malicious Python packages. Researchers have identified 23 newly weaponised PyPI artefacts, expanding the scope of the ongoing Mini Shai-Hulud, Miasma, and Hades malware operations. The latest findings highlight a shift in attacker tradecraft, combining multiple delivery techniques to compromise developer environments, CI/CD pipelines,…
-
Miasma Worm Hits Microsoft’s AI Coding Ecosystem
Attackers Compromised More Than 70 Microsoft Repositories in Under 2 Minutes. Attackers linked to the Miasma supply-chain campaign compromised a Microsoft contributor account and pushed malicious code into more than 70 repositories, using artificial intelligence-assisted coding tools as an infection path to steal credentials and developer secrets at scale. First seen on govinfosecurity.com Jump to…
-
Meta Blocks NSO Group’s New WhatsApp Phishing Attack, Files Contempt Order
Meta on Monday said it detected and blocked spear-phishing attempts linked to Israeli spyware vendor NSO Group.In addition, the tech giant said it’s filing a federal court contempt order against the company for violating a permanent injunction that barred it from targeting WhatsApp and its users.”They tried to trick people into clicking on malicious links…
-
Multiple VMware Stored XSS Flaw Enable Attackers to Inject Malicious Scripts
VMware has disclosed multiple high-severity stored cross-site scripting (XSS) vulnerabilities affecting VMware Cloud Foundation (VCF) Operations, potentially allowing attackers to inject malicious scripts and compromise administrative environments. The issues, tracked as CVE-2026-41722, CVE-2026-41723, and CVE-2026-41724, were published under advisory VMSA-2026-0004 on June 8, 2026, and carry a combined CVSS v3 base score of 8.0, indicating…
-
Multiple VMware Stored XSS Flaw Enable Attackers to Inject Malicious Scripts
VMware has disclosed multiple high-severity stored cross-site scripting (XSS) vulnerabilities affecting VMware Cloud Foundation (VCF) Operations, potentially allowing attackers to inject malicious scripts and compromise administrative environments. The issues, tracked as CVE-2026-41722, CVE-2026-41723, and CVE-2026-41724, were published under advisory VMSA-2026-0004 on June 8, 2026, and carry a combined CVSS v3 base score of 8.0, indicating…
-
Multiple VMware Stored XSS Flaw Enable Attackers to Inject Malicious Scripts
VMware has disclosed multiple high-severity stored cross-site scripting (XSS) vulnerabilities affecting VMware Cloud Foundation (VCF) Operations, potentially allowing attackers to inject malicious scripts and compromise administrative environments. The issues, tracked as CVE-2026-41722, CVE-2026-41723, and CVE-2026-41724, were published under advisory VMSA-2026-0004 on June 8, 2026, and carry a combined CVSS v3 base score of 8.0, indicating…
-
Malicious Hugging Face Models Could Trigger Remote Code Execution
A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI supply chain risks. The post Malicious Hugging Face Models Could Trigger Remote Code Execution appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-hugging-face-transformers-rce-flaw/
-
Malspam Campaign Abuses DoubleClick to Deploy Stealthy .NET Loader
A sophisticated new malspam campaign is actively exploiting Google’s DoubleClick ad-tracking infrastructure to bypass enterprise email security gateways. Discovered by researchers at Huntress, the attack utilizes highly personalized dynamic lures to initiate a complex, five-stage infection chain that actively dismantles local defenses before deploying process-hollowed payloads. The attack chain begins with a malicious HTML attachment,…
-
Malicious podcast, PDF apps spread FlutterShell macOS backdoor malware
First seen on scworld.com Jump to article: www.scworld.com/news/malicious-podcast-pdf-apps-spread-fluttershell-macos-backdoor-malware
-
Malicious podcast, PDF apps spread FlutterShell macOS backdoor malware
First seen on scworld.com Jump to article: www.scworld.com/news/malicious-podcast-pdf-apps-spread-fluttershell-macos-backdoor-malware
-
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust-based information stealer and a self-spreading worm, respectively.According to JFrog, the information stealer “scrapes every secret it can find on a developer’s machine, hides behind an eBPF kernel…

