Tag: rust
-
Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit
Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them.The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide…
-
400+ Arch Linux AUR Packages Hijacked to Install Rust Credential Stealer
Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them.The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide…
-
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust-based information stealer and a self-spreading worm, respectively.According to JFrog, the information stealer “scrapes every secret it can find on a developer’s machine, hides behind an eBPF kernel…
-
Rust-Written IronWorm Hits NPM Supply Chain
Like Shai-Hulud, the campaign targets developers to steal credentials and reuses them to propagate across the software supply channel. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/rust-written-ironworm-npm-supply-chain
-
Trending Hugging Face Repo With 200K Downloads Spreads Windows Malware
A malicious Hugging Face repository, Open-OSS/privacy-filter, that abused the platform’s trust and trending algorithm to deliver a sophisticated Rust-based infostealer to Windows users. The project briefly reached the #1 trending position with roughly 244,000 downloads and hundreds of likes before Hugging Face took it down, strongly suggesting the threat actor artificially boosted its popularity to…
-
OpenClaw Malware Targets Crypto Wallets and Bitwarden Credentials
OpenClaw users are being targeted in a fresh malware campaign that abuses a fake installer to steal credentials from popular crypto wallets and password managers, including MetaMask, Phantom, and Bitwarden. The archive contains a 130MB Rust executable padded with fake documentation to evade antivirus file-size scanning limits and many automated sandbox upload thresholds. The PE…
-
Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
A malicious Hugging Face repository managed to take a spot in the platform’s trending list by impersonating OpenAI’s Privacy Filter open-weight model to deliver a Rust-based information stealer to Windows users.The project, named Open-OSS/privacy-filter, masqueraded as its legitimate counterpart, released by OpenAI late last month (openai/privacy-filter), including copying the entire First seen on thehackernews.com Jump…
-
NWHStealer Campaign Deploys Bun Loader, Anti-VM Evasion, and Encrypted C2
A new distribution method for the NWHStealer infostealer that leverages the Bun JavaScript runtime, marking a significant evolution in the malware’s delivery infrastructure. The threat actors behind this Rust-based stealer are exploiting Bun’s relative newness and high-performance capabilities to package malicious code into larger executables that evade traditional detection methods. Bun is a legitimate, fast…
-
Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs
Multi-stage infection chain: The intrusion begins with an unknown initial access vector, followed by the execution of a malicious file disguised as a ScreenConnect update, Talos said.The initial payload is a Rust-compiled loader using filenames such as “systemupdates.exe,” which drops a .NET loader disguised as a text file in a system directory, the post said.Persistence…
-
Brush shell 0.4.0 tightens script safety, widens platform support
Tags: rustRust-based alternatives to traditional Unix shells continue to attract users who want bash compatibility alongside built-in features like syntax highlighting and history-based … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/04/brush-0-4-0-shell-released/
-
Ubuntu 26.04 LTS delivers memory-safe system tools and live patching for Arm servers
Linux distributions have spent the past few years absorbing GPU vendor toolchains, Rust-based system components, and more stringent encryption defaults. Ubuntu 26.04 LTS, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/24/ubuntu-26-04-lts-resolute-raccoon-released/
-
Ubuntu 26.04 LTS delivers memory-safe system tools and live patching for Arm servers
Linux distributions have spent the past few years absorbing GPU vendor toolchains, Rust-based system components, and more stringent encryption defaults. Ubuntu 26.04 LTS, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/24/ubuntu-26-04-lts-resolute-raccoon-released/
-
Ubuntu 26.04 LTS delivers memory-safe system tools and live patching for Arm servers
Linux distributions have spent the past few years absorbing GPU vendor toolchains, Rust-based system components, and more stringent encryption defaults. Ubuntu 26.04 LTS, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/24/ubuntu-26-04-lts-resolute-raccoon-released/
-
We beat Google’s zero-knowledge proof of quantum cryptanalysis
Tags: ai, application-security, attack, best-practice, computer, computing, control, cryptography, data, exploit, google, group, Hardware, metric, programming, risk, rust, technology, tool, update, vulnerabilityTwo weeks ago, Google’s Quantum AI group published a zero-knowledge proof of a quantum circuit so optimized, they concluded that first-generation quantum computers will break elliptic curve cryptography keys in as little as 9 minutes. Today, Trail of Bits is publishing our own zero-knowledge proof that significantly improves Google’s on all metrics. Our result is…
-
Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security
Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the security of Pixel devices and push memory-safe code at a more foundational level.”The new Rust-based DNS parser significantly reduces our security risk by mitigating an entire class of…
-
Linux 7.0 debuts as Linus Torvalds ponders AI’s bug-finding powers
Makes Rust support official, adds code for ancient Alpha and SPARC CPUs First seen on theregister.com Jump to article: www.theregister.com/2026/04/13/linux_kernel_7_releaseed/
-
Linux 7.0 debuts as Linus Torvalds ponders AI’s bug-finding powers and their impact on release process
Makes Rust support official, adds code for ancient Alpha and SPARC CPUs First seen on theregister.com Jump to article: www.theregister.com/2026/04/13/linux_kernel_7_releaseed/
-
UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns
A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations (NGOs) and suspected universities to deploy a new Lua-based malware called LucidRook.”LucidRook is a sophisticated stager that embeds a Lua interpreter and Rust-compiled libraries within a dynamic-link library (DLL) to download and First seen on thehackernews.com Jump to…
-
N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust
The North Korea-linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, Rust, and PHP ecosystems.”The threat actor’s packages were designed to impersonate legitimate developer tooling […], while quietly functioning as malware loaders, extending Contagious Interview’s established playbook into a coordinated First seen on thehackernews.com Jump to…
-
Mutation testing for the agentic era
Tags: ai, api, authentication, blockchain, framework, guide, metric, open-source, risk, rust, skills, software, switch, tool, vulnerabilityCode coverage is one of the most dangerous quality metrics in software testing. Many developers fail to realize that code coverage lies by omission: it measures execution, not verification. Test suites with high coverage can obfuscate the fact that critical functionality is untested as software develops over time. We saw this when mutation testing uncovered…
-
Fake Certificate Loader Hides BlankGrabber Malware Chain
BlankGrabber’s operators are now abusing a fake “certificate” loader to hide a multi”‘stage Rust and Python infection chain, making this commodity stealer significantly harder to spot on Windows endpoints. The new technique relies on built”‘in tools such as certutil.exe, heavily obfuscated PyInstaller stubs, and stealthy exfiltration via Telegram and public web services to evade both…
-
Cryptographers engage in war of words over RustSec bug reports and subsequent ban
Rust security maintainers contend Nadim Kobeissi’s vulnerability claims are too much First seen on theregister.com Jump to article: www.theregister.com/2026/03/20/cryptographer_nadim_kobeissi_rustsec_ban/
-
The cyber perimeter was never dead. We just abandoned it.
Tags: access, advisory, authentication, awareness, backup, cisa, ciso, cloud, control, cyber, cybersecurity, data-breach, email, exploit, firewall, flaw, governance, government, Hardware, identity, infrastructure, Internet, resilience, risk, router, rust, service, software, strategy, technology, update, zero-trustIndustry has comforted itself with the idea that the perimeter is dead. It is not. What happened is far worse. We ignored the edge, let unsupported hardware decay in place, and effectively donated our perimeter to adversaries who were more than willing to accept it.The FBI’s Winter SHIELD effort is the operational side of the…
-
The cyber perimeter was never dead. We just abandoned it.
Tags: access, advisory, authentication, awareness, backup, cisa, ciso, cloud, control, cyber, cybersecurity, data-breach, email, exploit, firewall, flaw, governance, government, Hardware, identity, infrastructure, Internet, resilience, risk, router, rust, service, software, strategy, technology, update, zero-trustIndustry has comforted itself with the idea that the perimeter is dead. It is not. What happened is far worse. We ignored the edge, let unsupported hardware decay in place, and effectively donated our perimeter to adversaries who were more than willing to accept it.The FBI’s Winter SHIELD effort is the operational side of the…
-
The cyber perimeter was never dead. We just abandoned it.
Tags: access, advisory, authentication, awareness, backup, cisa, ciso, cloud, control, cyber, cybersecurity, data-breach, email, exploit, firewall, flaw, governance, government, Hardware, identity, infrastructure, Internet, resilience, risk, router, rust, service, software, strategy, technology, update, zero-trustIndustry has comforted itself with the idea that the perimeter is dead. It is not. What happened is far worse. We ignored the edge, let unsupported hardware decay in place, and effectively donated our perimeter to adversaries who were more than willing to accept it.The FBI’s Winter SHIELD effort is the operational side of the…
-
The cyber perimeter was never dead. We just abandoned it.
Tags: access, advisory, authentication, awareness, backup, cisa, ciso, cloud, control, cyber, cybersecurity, data-breach, email, exploit, firewall, flaw, governance, government, Hardware, identity, infrastructure, Internet, resilience, risk, router, rust, service, software, strategy, technology, update, zero-trustIndustry has comforted itself with the idea that the perimeter is dead. It is not. What happened is far worse. We ignored the edge, let unsupported hardware decay in place, and effectively donated our perimeter to adversaries who were more than willing to accept it.The FBI’s Winter SHIELD effort is the operational side of the…
-
The cyber perimeter was never dead. We just abandoned it.
Tags: access, advisory, authentication, awareness, backup, cisa, ciso, cloud, control, cyber, cybersecurity, data-breach, email, exploit, firewall, flaw, governance, government, Hardware, identity, infrastructure, Internet, resilience, risk, router, rust, service, software, strategy, technology, update, zero-trustIndustry has comforted itself with the idea that the perimeter is dead. It is not. What happened is far worse. We ignored the edge, let unsupported hardware decay in place, and effectively donated our perimeter to adversaries who were more than willing to accept it.The FBI’s Winter SHIELD effort is the operational side of the…
-
Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays
Cybersecurity researchers have disclosed details of a new banking malware targeting Brazilian users that’s written in Rust, marking a significant departure from other known Delphi-based malware families associated with the Latin American cybercrime ecosystem.The malware, which is designed to infect Windows systems and was first discovered last month, has been codenamed VENON by Brazilian First…
-
Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets
Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors.The Rust packages, published to crates.io, are listed below -chrono_anchordnp3timestime_calibratortime_calibratorstime-syncThe crates, per Socket, impersonate timeapi.io and were published between late February and early March First seen on thehackernews.com Jump to article: thehackernews.com/2026/03/five-malicious-rust-crates-and-ai-bot.html
-
AWS backs Open VSX as Rust survey shows VS Code decline
AI-first editors and agent-driven tooling intensify competition in the IDE market First seen on theregister.com Jump to article: www.theregister.com/2026/03/03/open_vsx_aws/