Tag: malicious

“IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages

Nov 13, 2025 4:49 PM

Tags: malicious, worm

A new npm worm dubbed “IndonesianFoods” has doubled the number of known malicious packages First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/indonesianfoods-npm-worm-44000/
Malicious npm Package with 206K Downloads Targeting GitHub Repositories to Steal Tokens

Nov 13, 2025 3:49 PM

Tags: authentication, cyber, github, malicious, threat

On Friday, November 7th, Veracode Threat Research discovered a dangerous typosquatting campaign targeting developers using GitHub Actions. The malicious npm package >>@acitons/artifact>@actions/artifact
SmartApeSG Uses ClickFix to Deploy NetSupport RAT

Nov 13, 2025 3:49 PM

Tags: access, attack, captcha, cyber, infection, malicious, rat, tactics

The SmartApeSG campaign, also known as ZPHP and HANEYMANEY, continues to evolve its infection tactics, pivoting to ClickFix-style attack vectors. Security researchers have documented the campaign’s latest methodology, which uses deceptive fake CAPTCHA pages to trick users into executing malicious commands that ultimately deploy NetSupport RAT a Remote Access Trojan capable of giving attackers complete…
Hackers Infiltrate npm Registry with 43,000 Spam Packages, Linger for Nearly Two Years

Nov 13, 2025 2:49 PM

Tags: cyber, hacker, malicious, spam, worm

Security researcher Paul McCarty has uncovered a massive coordinated spam campaign targeting the npm ecosystem. The IndonesianFoods worm, comprising over 43,000 malicious packages published across at least 11 user accounts, remained active in the registry for nearly two years before detection. The campaign derives its distinctive name from its unique package naming scheme. The embedded…
Fake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases Using Sui Blockchain

Nov 13, 2025 2:49 PM

Tags: blockchain, browser, chrome, crypto, cybersecurity, malicious, threat

Cybersecurity researchers have uncovered a malicious Chrome extension that poses as a legitimate Ethereum wallet but harbors functionality to exfiltrate users’ seed phrases.The name of the extension is “Safery: Ethereum Wallet,” with the threat actor describing it as a “secure wallet for managing Ethereum cryptocurrency with flexible settings.” It was uploaded to the Chrome Web…
Malicious Chrome Extension Grants Full Control Over Ethereum Wallet

Nov 13, 2025 10:49 AM

Tags: attack, blockchain, browser, chrome, control, crypto, cyber, malicious, supply-chain, threat

Security researchers have uncovered a sophisticated supply chain attack disguised as a legitimate cryptocurrency wallet. Socket’s Threat Research Team discovered a malicious Chrome extension called >>Safery: Ethereum Wallet,
What CISOs need to know about new tools for securing MCP servers

Nov 13, 2025 8:49 AM

Tags: access, ai, api, attack, authentication, ciso, cloud, communications, compliance, control, corporate, credentials, data, detection, dns, email, framework, google, governance, identity, incident response, infrastructure, injection, leak, least-privilege, malicious, microsoft, monitoring, network, open-source, risk, service, technology, threat, tool, unauthorized, vmware, vulnerability, zero-trust

What to look for in an MCP security platform: Whether a company connects their own agents to third-party MCP servers, their own MCP servers to third-party agents, or their own servers to their own agents, there’s going to be the potential for data leakage, prompt injections and other security threats.That means companies will need to…
What CISOs need to know about new tools for securing MCP servers

Nov 13, 2025 8:49 AM

Tags: access, ai, api, attack, authentication, ciso, cloud, communications, compliance, control, corporate, credentials, data, detection, dns, email, framework, google, governance, identity, incident response, infrastructure, injection, leak, least-privilege, malicious, microsoft, monitoring, network, open-source, risk, service, technology, threat, tool, unauthorized, vmware, vulnerability, zero-trust

What to look for in an MCP security platform: Whether a company connects their own agents to third-party MCP servers, their own MCP servers to third-party agents, or their own servers to their own agents, there’s going to be the potential for data leakage, prompt injections and other security threats.That means companies will need to…
Google asks US court to shut down Lighthouse phishing-as-a-service operation

Nov 13, 2025 5:49 AM

Tags: control, crime, cyber, cybercrime, cybersecurity, email, google, government, incident response, law, malicious, network, phishing, risk, sans, scam, service, smishing, technology, threat

Will have ‘minimal impact’: Ed Dubrovsky, chief operating officer of incident response firm Cypher, is skeptical of the effectiveness of court action. Phishing-as-a-service operations don’t have to be on American soil, he explained, so court orders and legislation will likely have minimal impact on smishing or phishing attacks.”However,” he added, “I can understand that even…
Fake NPM Package With 206K Downloads Targeted GitHub for Credentials (UPDATED)

Nov 12, 2025 12:20 AM

Tags: attack, credentials, data-breach, github, malicious, supply-chain, threat

Veracode Threat Research exposed a targeted typosquatting attack on npm, where the malicious package @acitons/artifact stole GitHub tokens. Learn how this supply chain failure threatened the GitHub organisation’s code. First seen on hackread.com Jump to article: hackread.com/fake-npm-package-downloads-github-credentials/
Microsoft’s November 2025 Patch Tuesday Addresses 63 CVEs (CVE-2025-62215)

Nov 11, 2025 9:20 PM

Tags: access, android, attack, best-practice, cve, cyber, exploit, flaw, github, linux, malicious, microsoft, office, rce, remote-code-execution, service, social-engineering, sql, update, vulnerability, windows, zero-day

5Critical 58Important 0Moderate 0Low Microsoft addresses 63 CVEs including one zero-day vulnerability which was exploited in the wild. Microsoft patched 63 CVEs in its November 2025 Patch Tuesday release, with five rated critical, and 58 rated as important. This month’s update includes patches for: Azure Monitor Agent Customer Experience Improvement Program (CEIP) Dynamics 365 Field…
WhatsApp Malware ‘Maverick’ Hijacks Browser Sessions to Target Brazil’s Biggest Banks

Nov 11, 2025 8:20 PM

Tags: banking, finance, malicious, malware, threat

Threat hunters have uncovered similarities between a banking malware called Coyote and a newly disclosed malicious program dubbed Maverick that has been propagated via WhatsApp.According to a report from CyberProof, both malware strains are written in .NET, target Brazilian users and banks, and feature identical functionality to decrypt, targeting banking URLs and monitor banking applications.…
Prompt Injection in AI Browsers

Nov 11, 2025 3:19 PM

Tags: access, ai, attack, credentials, data, email, exploit, injection, malicious, service, threat

This is why AIs are not ready to be personal assistants: A new attack called ‘CometJacking’ exploits URL parameters to pass to Perplexity’s Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and calendar. In a realistic scenario, no credentials or user interaction are required and a threat…
Prompt Injection in AI Browsers

Nov 11, 2025 3:19 PM

Tags: access, ai, attack, credentials, data, email, exploit, injection, malicious, service, threat

This is why AIs are not ready to be personal assistants: A new attack called ‘CometJacking’ exploits URL parameters to pass to Perplexity’s Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and calendar. In a realistic scenario, no credentials or user interaction are required and a threat…
Prompt Injection in AI Browsers

Nov 11, 2025 3:19 PM

Tags: access, ai, attack, credentials, data, email, exploit, injection, malicious, service, threat

This is why AIs are not ready to be personal assistants: A new attack called ‘CometJacking’ exploits URL parameters to pass to Perplexity’s Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and calendar. In a realistic scenario, no credentials or user interaction are required and a threat…
moveIT a series of breaches, all enabled by APIs FireTail Blog

Nov 11, 2025 2:20 PM

Tags: access, api, attack, authentication, breach, cloud, cve, data, endpoint, flaw, germany, identity, injection, malicious, moveIT, remote-code-execution, software, sql, vulnerability

Nov 11, 2025 – Jeremy Snyder – In mid-2023, a software vulnerability was discovered in a file transfer application known as moveIT. Because of the application’s popularity, numerous companies and organizations have found themselves vulnerable to the breach. This blog post will attempt to explain the vulnerability, map out the kill chain (also sometimes called…
Introducing FireTail: Making API Security as Simple as Import, Setup, Done FireTail Blog

Nov 11, 2025 2:20 PM

Tags: api, attack, breach, cloud, control, data, detection, malicious, network, open-source, tool, update

Nov 11, 2025 – – FireTail is on a mission to secure the world’s APIs by making API security as simple as import, setup, done. We officially launched the company back in February 2022 with a passion for helping organizations secure their APIs as they grow their cloud presence. As of the beginning of December…
moveIT a series of breaches, all enabled by APIs FireTail Blog

Nov 11, 2025 2:20 PM

Tags: access, api, attack, authentication, breach, cloud, cve, data, endpoint, flaw, germany, identity, injection, malicious, moveIT, remote-code-execution, software, sql, vulnerability

Nov 11, 2025 – Jeremy Snyder – In mid-2023, a software vulnerability was discovered in a file transfer application known as moveIT. Because of the application’s popularity, numerous companies and organizations have found themselves vulnerable to the breach. This blog post will attempt to explain the vulnerability, map out the kill chain (also sometimes called…
Exploring the Pros and Cons of Web Application Firewalls (WAFs) FireTail Blog

Nov 11, 2025 2:20 PM

Tags: access, api, application-security, attack, authentication, breach, business, cloud, communications, control, data, detection, exploit, firewall, infection, injection, jobs, malicious, malware, network, open-source, programming, risk, software, sql, threat, unauthorized, update, vulnerability, waf, zero-day

Nov 11, 2025 – Jeremy Snyder – Over the last few years, web application attacks have become one of the leading causes of data breaches, making web application security increasingly important for overall security posture. In fact, web application attacks were involved in 26% of all breaches in 2022 according to the 2022 Verizon DBIR,…
Introducing FireTail: Making API Security as Simple as Import, Setup, Done FireTail Blog

Nov 11, 2025 2:20 PM

Tags: api, attack, breach, cloud, control, data, detection, malicious, network, open-source, tool, update

Nov 11, 2025 – – FireTail is on a mission to secure the world’s APIs by making API security as simple as import, setup, done. We officially launched the company back in February 2022 with a passion for helping organizations secure their APIs as they grow their cloud presence. As of the beginning of December…
Exploring the Pros and Cons of Web Application Firewalls (WAFs) FireTail Blog

Nov 11, 2025 2:20 PM

Tags: access, api, application-security, attack, authentication, breach, business, cloud, communications, control, data, detection, exploit, firewall, infection, injection, jobs, malicious, malware, network, open-source, programming, risk, software, sql, threat, unauthorized, update, vulnerability, waf, zero-day

Nov 11, 2025 – Jeremy Snyder – Over the last few years, web application attacks have become one of the leading causes of data breaches, making web application security increasingly important for overall security posture. In fact, web application attacks were involved in 26% of all breaches in 2022 according to the 2022 Verizon DBIR,…
North Korean hackers exploit Google’s safety tools for remote wipe

Nov 11, 2025 2:20 PM

Tags: apt, attack, exploit, google, hacker, malicious, malware, north-korea, service, social-engineering, threat, tool, zero-day

The social engineering link: The threat continues beyond device wiping, with attackers distributing malware by compromising KakaoTalk accounts of trusted contacts.GSC found that malicious files disguised as “stress-relief programs” were sent to close contacts via the messenger. “Among the victims was a professional psychological counselor who supports North Korean defector youths during resettlement by addressing…
North Korean hackers exploit Google’s safety tools for remote wipe

Nov 11, 2025 2:20 PM

Tags: apt, attack, exploit, google, hacker, malicious, malware, north-korea, service, social-engineering, threat, tool, zero-day

The social engineering link: The threat continues beyond device wiping, with attackers distributing malware by compromising KakaoTalk accounts of trusted contacts.GSC found that malicious files disguised as “stress-relief programs” were sent to close contacts via the messenger. “Among the victims was a professional psychological counselor who supports North Korean defector youths during resettlement by addressing…
CISO’s Expert Guide To AI Supply Chain Attacks

Nov 11, 2025 1:20 PM

Tags: ai, attack, ciso, defense, guide, malicious, open-source, supply-chain

AI-enabled supply chain attacks jumped 156% last year. Discover why traditional defenses are failing and what CISOs must do now to protect their organizations.Download the full CISO’s expert guide to AI Supply chain attacks here. TL;DRAI-enabled supply chain attacks are exploding in scale and sophistication – Malicious package uploads to open-source repositories jumped 156% in…
Researchers Detect Malicious npm Package Targeting GitHub-Owned Repositories

Nov 11, 2025 1:20 PM

Tags: cybersecurity, github, malicious

Cybersecurity researchers have discovered a malicious npm package named “@acitons/artifact” that typosquats the legitimate “@actions/artifact” package with the intent to target GitHub-owned repositories.”We think the intent was to have this script execute during a build of a GitHub-owned repository, exfiltrate the tokens available to the build environment, and then use those tokens to publish First…
Fake NPM Package With 206K Downloads Targeted GitHub for Credentials

Nov 11, 2025 1:20 PM

Tags: attack, credentials, data-breach, github, malicious, supply-chain, threat

Veracode Threat Research exposed a targeted typosquatting attack on npm, where the malicious package @acitons/artifact stole GitHub tokens. Learn how this supply chain failure threatened the GitHub organisation’s code. First seen on hackread.com Jump to article: hackread.com/fake-npm-package-downloads-github-credentials/
Cybersecurity Maturity and Why Your API Security is Lagging Behind FireTail Blog

Nov 11, 2025 12:20 PM

Tags: access, api, attack, awareness, breach, cloud, compliance, control, cybersecurity, data, data-breach, defense, detection, framework, malicious, monitoring, network, nist, risk, threat, vulnerability

Nov 11, 2025 – Jeremy Snyder – Understanding Cybersecurity Maturity Models (CMM) Cybersecurity maturity models offer valuable guidance for organizations seeking to enhance their security posture. While the Cybersecurity Maturity Model Certification (CMMC) version 1.0, originally created by the U.S. Department of Defense (DoD), has been widely adopted, it’s important to note that there are…
Beyond silos: How DDI-AI integration is redefining cyber resilience

Nov 11, 2025 12:20 PM

Tags: ai, api, attack, automation, best-practice, breach, business, cctv, cloud, control, corporate, cyber, cybersecurity, data, defense, detection, dns, endpoint, finance, firewall, guide, identity, infrastructure, intelligence, iot, malicious, monitoring, network, penetration-testing, phishing, phone, RedTeam, resilience, risk, service, siem, soar, soc, sql, threat, tool, training, zero-trust

DDI as the nervous system of enterprise security: DDI, including DNS, DHCP and IP address management, is the nervous system of the network. It records every connection, every name resolution and every IP allocation, maintaining the only comprehensive, authoritative record of normal network behavior.By itself, DDI data is simply a massive stream of logs. For…
Beyond silos: How DDI-AI integration is redefining cyber resilience

Nov 11, 2025 12:20 PM

Tags: ai, api, attack, automation, best-practice, breach, business, cctv, cloud, control, corporate, cyber, cybersecurity, data, defense, detection, dns, endpoint, finance, firewall, guide, identity, infrastructure, intelligence, iot, malicious, monitoring, network, penetration-testing, phishing, phone, RedTeam, resilience, risk, service, siem, soar, soc, sql, threat, tool, training, zero-trust

DDI as the nervous system of enterprise security: DDI, including DNS, DHCP and IP address management, is the nervous system of the network. It records every connection, every name resolution and every IP allocation, maintaining the only comprehensive, authoritative record of normal network behavior.By itself, DDI data is simply a massive stream of logs. For…
Critical Triofox bug exploited to run malicious payloads via AV configuration

Nov 11, 2025 10:19 AM

Tags: access, antivirus, authentication, cve, exploit, flaw, google, hacker, malicious, mandiant, threat, tool

Hackers exploited Triofox flaw CVE-2025-12480 to bypass auth and install remote access tools via the platform’s antivirus feature. Google’s Mandiant researchers spotted threat actors exploiting a now-patched Triofox flaw, tracked as CVE-2025-12480 (CVSS score of 9.1) that allows them to bypass authentication to upload and run remote access tools via the platform’s antivirus feature. Mandiant…