Tag: malicious
-
New Stealit Malware Exploits Node.js Extensions to Target Windows Systems
Security researchers have identified a new, active campaign of the Stealit malware that uses an experimental Node.js feature to infect Windows systems. According to a report from FortiGuard Labs, threat actors are leveraging Node.js’s Single Executable Application (SEA) functionality to package and distribute their malicious payloads. This updated tactic marks a shift from previous Stealit…
-
North Korean APT >>Contagious Interview<< Floods npm Registry with 338 Malicious Packages to Steal Crypto
The post North Korean APT >>Contagious Interview
-
North Korean APT >>Contagious Interview<< Floods npm Registry with 338 Malicious Packages to Steal Crypto
The post North Korean APT >>Contagious Interview
-
175 npm Packages Abused in Beamglea Phishing Operation
The Beamglea campaign used 175 malicious npm packages to host phishing redirects, targeting global tech and energy firms. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/npm-packages-abused-beamglea/
-
175 Malicious npm Packages Targeting Tech and Energy Firms, 26,000 Downloads
Socket’s Threat Research Team has uncovered a sprawling phishing campaign”, dubbed “Beamglea””, leveraging 175 malicious npm packages that have amassed over 26,000 downloads. These packages serve solely as hosting infrastructure, redirecting victims to credential-harvesting pages. Though randomly named packages make accidental developer installation unlikely, the download counts reflect security researchers, automated scanners, and CDN providers…
-
175 Malicious npm Packages Targeting Tech and Energy Firms, 26,000 Downloads
Socket’s Threat Research Team has uncovered a sprawling phishing campaign”, dubbed “Beamglea””, leveraging 175 malicious npm packages that have amassed over 26,000 downloads. These packages serve solely as hosting infrastructure, redirecting victims to credential-harvesting pages. Though randomly named packages make accidental developer installation unlikely, the download counts reflect security researchers, automated scanners, and CDN providers…
-
175 Malicious npm Packages Targeting Tech and Energy Firms, 26,000 Downloads
Socket’s Threat Research Team has uncovered a sprawling phishing campaign”, dubbed “Beamglea””, leveraging 175 malicious npm packages that have amassed over 26,000 downloads. These packages serve solely as hosting infrastructure, redirecting victims to credential-harvesting pages. Though randomly named packages make accidental developer installation unlikely, the download counts reflect security researchers, automated scanners, and CDN providers…
-
175 Malicious npm Packages Targeting Tech and Energy Firms, 26,000 Downloads
Socket’s Threat Research Team has uncovered a sprawling phishing campaign”, dubbed “Beamglea””, leveraging 175 malicious npm packages that have amassed over 26,000 downloads. These packages serve solely as hosting infrastructure, redirecting victims to credential-harvesting pages. Though randomly named packages make accidental developer installation unlikely, the download counts reflect security researchers, automated scanners, and CDN providers…
-
175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign
Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to facilitate credential harvesting attacks as part of an unusual campaign.The packages have been collectively downloaded 26,000 times, acting as an infrastructure for a widespread phishing campaign codenamed Beamglea targeting more than 135 industrial, technology, and…
-
175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign
Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to facilitate credential harvesting attacks as part of an unusual campaign.The packages have been collectively downloaded 26,000 times, acting as an infrastructure for a widespread phishing campaign codenamed Beamglea targeting more than 135 industrial, technology, and…
-
LLM-Powered MalTerminal Malware Uses OpenAI GPT-4 to Create Ransomware Code
LLM-enabled malware poses new challenges for detection and threat hunting as malicious logic can be generated at runtime rather than embedded in code. Our research discovered hitherto unknown samples, and what may be the earliest example known to date of an LLM-enabled malware we dubbed “MalTerminal.” Our methodology also uncovered other offensive LLM applications, including…
-
GitHub Copilot Flaw Allows Attackers to Steal Source Code from Private Repositories
A critical weakness in GitHub Copilot Chat discovered in June 2025 exposed private source code and secrets to attackers. Rated CVSS 9.6, the vulnerability combined a novel Content Security Policy bypass with remote prompt injection. By embedding hidden prompts in pull requests, attackers could exfiltrate private repository data and control Copilot’s responses, including injecting malicious…
-
LLM-Powered MalTerminal Malware Uses OpenAI GPT-4 to Create Ransomware Code
LLM-enabled malware poses new challenges for detection and threat hunting as malicious logic can be generated at runtime rather than embedded in code. Our research discovered hitherto unknown samples, and what may be the earliest example known to date of an LLM-enabled malware we dubbed “MalTerminal.” Our methodology also uncovered other offensive LLM applications, including…
-
ClayRat Android Malware Masquerades as WhatsApp Google Photos
ClayRat, a rapidly evolving Android spyware campaign, has surged in activity over the past three months, with zLabs researchers observing more than 600 unique samples and 50 distinct droppers. Primarily targeting Russian users, the malware masquerades as popular applications such as WhatsApp, Google Photos, TikTok, and YouTube, luring victims into installing malicious APKs via deceptive…
-
Google Issues Alert on CL0P Ransomware Actively Exploiting Oracle E-Business Suite Zero-Day
Organizations using Oracle E-Business Suite must apply the October 4 emergency patches immediately to mitigate active, in-the-wild exploitation by CL0P extortion actors and hunt for malicious templates in their databases. Beginning September 29, 2025, Google Threat Intelligence Group (GTIG) and Mandiant identified a massive email campaign targeting executives at dozens of organizations, alleging theft of…
-
It’s trivially easy to poison LLMs into spitting out gibberish, says Anthropic
Just 250 malicious training documents can poison a 13B parameter model – that’s 0.00016% of a whole dataset First seen on theregister.com Jump to article: www.theregister.com/2025/10/09/its_trivially_easy_to_poison/
-
Anatomy of a Modern Threat: Deconstructing the Figma MCP Vulnerability
Threat researchers recently disclosed a severe vulnerability in a Figma Model Context Protocol (MCP) server, as reported by The Hacker News. While the specific patch is important, the discovery itself serves as a critical wake-up call for every organization rushing to adopt AI. This incident provides a blueprint for a new class of attacks that…
-
Anatomy of a Modern Threat: Deconstructing the Figma MCP Vulnerability
Threat researchers recently disclosed a severe vulnerability in a Figma Model Context Protocol (MCP) server, as reported by The Hacker News. While the specific patch is important, the discovery itself serves as a critical wake-up call for every organization rushing to adopt AI. This incident provides a blueprint for a new class of attacks that…
-
Dozens of Oracle customers impacted by Clop data theft for extortion campaign
Researchers said malicious activity dates back to early July and active exploitation was observed two months ago. First seen on cyberscoop.com Jump to article: cyberscoop.com/oracle-customers-attacks-clop-google-mandiant/
-
SquareX Shows AI Browsers Fall Prey to OAuth Attacks, Malware Downloads and Malicious Link Distribution
Palo Alto, California, 9th October 2025, CyberNewsWire First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/squarex-shows-ai-browsers-fall-prey-to-oauth-attacks-malware-downloads-and-malicious-link-distribution/
-
SquareX Shows AI Browsers Fall Prey to OAuth Attacks, Malware Downloads and Malicious Link Distribution
Palo Alto, California, 9th October 2025, CyberNewsWire First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/squarex-shows-ai-browsers-fall-prey-to-oauth-attacks-malware-downloads-and-malicious-link-distribution/
-
SquareX Shows AI Browsers Fall Prey to OAuth Attacks, Malware Downloads and Malicious Link Distribution
Palo Alto, California, 9th October 2025, CyberNewsWire First seen on hackread.com Jump to article: hackread.com/squarex-shows-ai-browsers-fall-prey-to-oauth-attacks-malware-downloads-and-malicious-link-distribution/
-
SquareX Shows AI Browsers Fall Prey to OAuth Attacks, Malware Downloads and Malicious Link Distribution
Palo Alto, California, 9th October 2025, CyberNewsWire First seen on hackread.com Jump to article: hackread.com/squarex-shows-ai-browsers-fall-prey-to-oauth-attacks-malware-downloads-and-malicious-link-distribution/
-
Bots Are Evolving: Here’s How to Stop AI-Powered Automation Before It Stops You
Tags: access, ai, api, application-security, attack, authentication, automation, awareness, breach, cloud, compliance, container, control, credentials, cyber, cybersecurity, data, defense, encryption, exploit, intelligence, Internet, login, malicious, mobile, monitoring, network, scam, skills, software, strategy, tactics, technology, threat, toolBots Are Evolving: Here’s How to Stop AI-Powered Automation Before It Stops You madhav Thu, 10/09/2025 – 04:34 More than half of all internet traffic is now automated. Bots don’t just scrape data or hoard inventory anymore. They mimic humans so convincingly that even seasoned security teams struggle to spot them. With the help of…
-
Bots Are Evolving: Here’s How to Stop AI-Powered Automation Before It Stops You
Tags: access, ai, api, application-security, attack, authentication, automation, awareness, breach, cloud, compliance, container, control, credentials, cyber, cybersecurity, data, defense, encryption, exploit, intelligence, Internet, login, malicious, mobile, monitoring, network, scam, skills, software, strategy, tactics, technology, threat, toolBots Are Evolving: Here’s How to Stop AI-Powered Automation Before It Stops You madhav Thu, 10/09/2025 – 04:34 More than half of all internet traffic is now automated. Bots don’t just scrape data or hoard inventory anymore. They mimic humans so convincingly that even seasoned security teams struggle to spot them. With the help of…
-
Chinese Hackers Weaponize Nezha Tool to Run Commands on Web Servers
Tags: attack, china, cyber, cyberattack, cybersecurity, exploit, hacker, malicious, monitoring, threat, toolSecurity researchers have uncovered a sophisticated cyberattack campaign where Chinese threat actors are exploiting web applications using an innovative log poisoning technique to deploy web shells and subsequently weaponize Nezha, a legitimate server monitoring tool, for malicious command execution. Creative Attack Methodology Discovered Beginning in August 2025, cybersecurity firm Huntress identified an intrusion where attackers…
-
The First Malicious MCP Server is a Warning Shot for AI Cybersecurity
The first malicious Model Context Protocol (MCP) server has been discovered and we should all be worried how this is foreshadowing AI cybersecurity risks! Cybersecurity researchers at Koi Security detected malicious code within an MCP server that connects AI systems with Postmark email services. The code covertly copies every email and exfiltrates it back to…