Tag: malware
-
Red Hat Cloud Services npm Packages Hijacked in Credential-Theft Malware Campaign
A large-scale software supply chain attack has compromised multiple official npm packages under the @redhat-cloud-services scope, exposing thousands of developers and CI/CD environments to credential theft. Security researchers at Aikido confirmed that 96 malicious versions across 32 packages were published on June 1, 2026, with combined weekly downloads exceeding 116,000. Red Hat Cloud Services npm…
-
Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks
A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques on compromised sites. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-hijack-thousands-of-sites-for-clickfix-and-fakeupdate-attacks/
-
Red Hat npm packages compromised to steal developer credentials
More than 30 npm packages under Red Hat’s ‘@redhat-cloud-services’ namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed “Miasma.” First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/red-hat-npm-packages-compromised-to-steal-developer-credentials/
-
WordPress malware campaign hides payloads in Steam profiles
Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wordpress-malware-campaign-hides-payloads-in-steam-profiles/
-
Megalodon Campaign Shakes the Software Supply Chain
Thousands of GitHub repositories were infected with malware that steals credentials. Megalodon's latest threat campaign shakes an already heavily strained software supply chain. A commentary by Shane Barney, CISO of Keeper Security: “The Megalodon campaign shows where the risk in the software supply chain actually lies. Within just six hours, attackers pushed malicious commits into more than 5,500 GitHub repositories…
-
Fake Purchase Order Emails Spread Fileless PureLogs Malware via RAR Archives
Hackers are using fake purchase order emails and process hollowing to deploy fileless PureLogs malware to steal Windows users’ browser, crypto, and Discord data. First seen on hackread.com Jump to article: hackread.com/purchase-emails-fileless-purelogs-malware-rar-archives/
-
Attackers Abuse Shared Content for ChatGPT Phishing Campaign
Push Security says threat actors are delivering malware hosted on chatgpt.com/s/ domain First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/attackers-shared-content-chatgpt/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 99
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Ghost CMS Mass Compromised via CVE-2026-26980, Now Fueling ClickFix Attacks TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages and Hundreds of Versions Across npm, PyPI, and Crates.io RemotePE: The Lazarus RAT that lives…
-
Viruses and Malware: How Do You Protect Yourself, Have You Been Affected, and How Did It Happen?
How do you keep your system free of viruses and malware? Do you use software other than Windows Defender? And have you ever been affected? First seen on computerbase.de Jump to article: www.computerbase.de/news/apps/viren-und-malware-wie-schuetzt-ihr-euch-wart-ihr-betroffen-und-wie-kam-es-dazu.97613
-
Feeding Frenzy: ‘Megalodon’ Malware Infects Thousands of GitHub Repos
In just six hours, the campaign quietly pushed thousands of malicious commits to more than 5,500 GitHub repositories, stealing credentials, developer secrets, and more. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/megalodon-malware-infects-thousands-github-repos
-
Trojanized Gemini and Claude Installers Target Developers Via SEO Poisoning
Cybercriminals are using SEO poisoning and fake Gemini and Claude installer sites to infect developers with fileless malware and steal data. First seen on hackread.com Jump to article: hackread.com/trojan-gemini-claude-installers-developers-seo-poisoning/
-
AI Is Everywhere, but Its Governance Is Patchy
Almost all companies in Europe use generative AI, yet governance continues to lag behind usage. This is shown by the current <>, which analyzes adoption trends, data protection violations, and malware distribution via cloud applications over the past year. Near-total AI adoption, but governance still under construction: 99 percent of European companies now use […] First seen on netzpalaver.de Jump to…
-
Malware Found in Laravel-Lang Composer Packages After Git Tag Poisoning Attack
Attackers have poisoned four Laravel-Lang Composer packages by rewriting hundreds of Git tags, putting many Laravel apps at risk. Hackers compromised four popular Laravel-Lang Composer packages and injected malware by rewriting more than 700 Git tags tied to historical versions. Laravel-Lang is a community-driven project that provides translation and localization files for Laravel applications. The…
-
Laravel Lang: Hundreds of PHP Package Versions Contaminated With Malware
Tags: malware
Anyone who has localized their PHP application with Laravel Lang may have picked up infostealer malware. Developers should act urgently. First seen on golem.de Jump to article: www.golem.de/news/laravel-lang-malware-in-populaere-php-pakete-eingeschleust-2605-209036.html
-
Laravel Lang: Malware Injected Into Popular PHP Packages
Tags: malware
Anyone who has localized their PHP application with Laravel Lang may have picked up malware that primarily targets credentials. First seen on golem.de Jump to article: www.golem.de/news/laravel-lang-malware-in-populaere-php-pakete-eingeschleust-2605-209036.html
-
Megalodon Malware Infects Thousands of GitHub Repositories
The Megalodon malware campaign has attacked more than 5,000 GitHub repositories. Attackers compromised automated CI/CD workflows. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/github-megalodon-malware
-
NightSpire Ransomware Abuses RDP for Stealthy Persistence
NightSpire has quickly emerged as a significant ransomware threat since its discovery in early 2025, combining classic double-extortion tactics with stealthy intrusion techniques. The malware not only encrypts victim data but also exfiltrates sensitive files, threatening to publish them on a Tor-based leak site if ransom demands are not met. In just a three-month window…
-
Nimbus Manticore Expanded Attacks With AI-Assisted Malware and Fake Zoom Installers
Nimbus Manticore accelerated cyberattacks during wartime, using AI-assisted malware, fake Zoom installers, and SEO poisoning. When the United States launched Operation Epic Fury against Iran at the end of February 2026, most analysts expected the country’s cyber apparatus to hunker down and weather the storm. That’s not what happened. Instead, researchers at Check Point have…
-
Ghost CMS Vulnerability Exploited to Infect 700 Sites With ClickFix Malware
Hackers are actively exploiting a critical SQL injection vulnerability in Ghost CMS (CVE-2026-26980) to compromise websites and distribute ClickFix malware through large-scale page-poisoning attacks. The vulnerability allows attackers to extract sensitive database contents without authentication, including the Ghost Admin API Key. Unlike the read-only Content API Key, this administrative key grants full control over posts…
-
Hackers Use SEO Poisoning to Fake Gemini CLI and Claude Code Installers
Hackers are increasingly abusing search engine optimization (SEO) techniques to distribute malware by impersonating popular AI developer tools, including Gemini CLI and Claude Code. The activity, first observed in early March 2026, shows attackers creating malicious domains that rank above legitimate sources in search engine results. Developers searching for official installation guides are redirected to…
-
InvisibleFerret Malware Uses .pyd and .so Files to Evade Script Detection
A North Korea-linked threat group, Void Dokkaebi, also known as Famous Chollima, has significantly upgraded its malware delivery techniques by converting its Python-based InvisibleFerret malware into compiled binary modules. InvisibleFerret was previously deployed as readable Python scripts, making it easier for defenders to detect through static analysis and signature-based tools. The latest campaign leverages Cython,…
-
Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms
Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and cryptocurrency organizations. RemotePE, per NCC Group subsidiary Fox-IT, is part of a multi-stage attack chain that involves two loaders tracked as DPAPILoader and RemotePELoader. “DPAPILoader decrypts and First seen…
-
Hackers Hide Linux Malware in SSH-Like Package Filename
Hackers have been observed disguising a malicious Linux payload under an SSH-like filename during software installation, as part of a coordinated supply chain attack targeting developer ecosystems. The attack hinges on a hidden post-install script embedded inside package.json, rather than the expected composer.json used in PHP environments. This subtle placement allows the malicious code to evade detection during routine dependency…
-
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor, spans more than 34 malicious packages across over 384 versions. The earliest activity was recorded on May 22, 2026, at 8:20 p.m. UTC, with new packages published to the ecosystems in waves from…
-
FBI director Kash Patel’s brand website taken offline after malware reports
FBI director site went offline after a hack used a fake Cloudflare page to trick users into running a ClickFix attack that installed malware. The merchandise website of FBI director Kash Patel (basedapparel[.]com) was taken offline on Friday after reports that it had been compromised by hackers using it to spread malware. The malware was…