Tag: worm
-
Wikipedia hit by self-propagating JavaScript worm that vandalized pages
The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wikipedia-hit-by-self-propagating-javascript-worm-that-vandalized-pages/
-
What to Expect from Iran’s Digital Counterstrike
Tags: attack, breach, cloud, communications, cyber, cyberattack, cybersecurity, data, defense, espionage, exploit, extortion, finance, government, group, hacking, infrastructure, intelligence, international, iran, leak, middle-east, military, network, ransomware, risk, risk-assessment, service, tool, update, vulnerability, wormAfter the United States and Israel began a bombing campaign on Iran, leading to the decapitation of its political and military leaders, the Middle East has erupted into waves of kinetic warfare. But what should we expect about cyber? Iran has a formidable offensive cybersecurity capability and is considered one of the four most aggressive…
-
The Worm Turns When the Hunter Becomes the Hunted Mass Surveillance and the Weaponization of the Data We Voluntarily Create
Explore how advancements in surveillance infrastructure and the democratization of intelligence have transformed espionage. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/the-worm-turns-when-the-hunter-becomes-the-hunted-mass-surveillance-and-the-weaponization-of-the-data-we-voluntarily-create/
-
SANDWORM_MODE: The Rise of Adaptive Supply Chain Worms
<div cla Earlier this year, we asked our team where they expect open source cyberattacks to go next. Sonatype Principal Security Researcher Garrett Calpouzos shared his thoughts about how he anticipated attackers won’t simply use automation, but also abuse victims’ AI tools: First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/sandworm_mode-the-rise-of-adaptive-supply-chain-worms/
-
SANDWORM_MODE: The Rise of Adaptive Supply Chain Worms
<div cla Earlier this year, we asked our team where they expect open source cyberattacks to go next. Sonatype Principal Security Researcher Garrett Calpouzos shared his thoughts about how he anticipated attackers won’t simply use automation, but also abuse victims’ AI tools: First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/sandworm_mode-the-rise-of-adaptive-supply-chain-worms-2/
-
Shai-Hulud-style NPM worm hits CI pipelines and AI coding tools
Poisoning the AI developer interface: The campaign was specifically flagged for its direct targeting of AI coding assistants. The malware deploys a malicious Model Context Protocol (MCP) server and injects it into configurations of popular AI tools, embedding itself as a trusted component in the assistant’s environment.Once this is achieved, prompt-injection techniques can trick the…
-
Shai-Hulud-Like Worm Targets Developers via npm and AI Tools
Supply chain worm mimicking Shai-Hulud malware spread via malicious npm packages, targeting AI tools has been identified by security researchers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/shai-hulud-like-worm-devs-npm-ai/
-
Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens
Cybersecurity researchers have disclosed what they say is an active “Shai-Hulud-like” supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft.The campaign has been codenamed SANDWORM_MODE by supply chain security company Socket. As with prior Shai-Hulud attack waves, the malicious code…
-
SSH Worm Exploit Detected by DShield Sensor Using Credential Stuffing and Multi-Stage Malware
A DShield honeypot sensor recently recorded a complete compromise sequence involving a self-replicating SSH worm that exploits weak passwords to spread across Linux systems. The incident highlights how poor SSH hygiene and the use of default credentials remain among the most persistent threats to Internet-connected devices. Even in 2026, attackers continue leveraging automated credential stuffing…
-
TeamPCP Turns Cloud Infrastructure into Crime Bots
The threat actor has been compromising cloud environments at scale with automated worm-like attacks on exposed services and interfaces. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/teampcp-cloud-infrastructure-crime-bots
-
Shai-hulud: The Hidden Costs of Supply Chain Attacks
Recent supply chain attacks involving self-propagating worms have spread far, but the damage and long-term impact is hard to quantify. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/shai-hulud-hidden-cost-supply-chain-attacks
-
TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure
Tags: api, cloud, cybersecurity, data-breach, docker, exploit, infrastructure, kubernetes, malicious, wormCybersecurity researchers have called attention to a “massive campaign” that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation.The activity, observed around December 25, 2025, and described as “worm-driven,” leveraged exposed Docker APIs, Kubernetes clusters, Ray dashboards, and Redis servers, along with the recently disclosed First seen on thehackernews.com Jump…
-
Shai-hulud: The Hidden Cost of Supply Chain Attacks
Recent supply chain attacks involving self-propagating worms have spread far, but the damage and long-term impact is hard to quantify. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/shai-hulud-hidden-cost-supply-chain-attacks
-
Shai-Hulud & Co.: The software supply chain as Achilles’ heel
Tags: access, ai, application-security, attack, backdoor, ciso, cloud, credentials, cyber, github, Hardware, identity, infrastructure, kritis, kubernetes, malicious, network, nis-2, programming, risk, rust, sbom, software, strategy, supply-chain, threat, tool, vulnerability, wormThe polyglot supply chain attack: The most frightening prospect, however, is the convergence of these threats in a polyglot supply chain attack. Currently, security teams operate in isolation. AppSec monitors the code, CloudSec monitors the cloud, NetworkSec monitors the perimeter. A polyglot attack is designed to seamlessly break through these silos.This happens as follows: A…
-
From typos to takeovers: Inside the industrialization of npm supply chain attacks
Tags: access, application-security, attack, automation, backdoor, blockchain, breach, control, credentials, cybersecurity, github, gitlab, malicious, malware, phishing, radius, risk, supply-chain, threat, update, wormFrom typo traps to legitimate backdoors: For years, typosquatting defined the npm threat model. Attackers published packages with names just close enough to popular libraries, such as “lodsash,” “expres,” “reacts,” and waited for automation or human error to do the rest. The impact was usually limited, and remediation straightforward.That model began to break in 2025.Instead…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 79
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion A Broken System Fueling Botnets Malicious NPM Packages Deliver NodeCordRAT Boto-Cor-de-Rosa campaign reveals Astaroth WhatsApp-based worm activity in Brazil CNCERT: Risk Warning Regarding…
-
ZombieAgent ChatGPT attack shows persistent data leak risks of AI agents
Worm-like propagation: The email attack even has worming capabilities, as the malicious prompts could instruct ChatGPT to scan the inbox, extract addresses from other email messages, exfiltrate those addresses to the attackers using the URL trick, and send similar poisoned messages to those addresses as well.If the victim is the employee of an organization that…
-
Astaroth Banking Trojan Targets Brazilians via WhatsApp Messages
Researchers at Acronis have discovered a new campaign called Boto Cor-de-Rosa, where the Astaroth banking malware spreads like a worm through WhatsApp Web to steal contact lists and banking credentials. First seen on hackread.com Jump to article: hackread.com/astaroth-banking-trojan-brazil-whatsapp-messages/
-
Astaroth banking Trojan spreads in Brazil via WhatsApp worm
A WhatsApp worm spread the Astaroth banking trojan across Brazil by automatically sending malicious messages to victims’ contacts. Astaroth, a long-running Brazilian banking malware, has evolved in a new campaign dubbed Boto Cor-de-Rosa by abusing WhatsApp Web for propagation. The malware harvests the victim’s WhatsApp contact list and automatically sends malicious messages to each contact,…
-
WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging
Cybersecurity researchers have disclosed details of a new campaign that uses WhatsApp as a distribution vector for a Windows banking trojan called Astaroth in attacks targeting Brazil.The campaign has been codenamed Boto Cor-de-Rosa by Acronis Threat Research Unit.”The malware retrieves the victim’s WhatsApp contact list and automatically sends malicious messages to each contact to further…
-
Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registry
Cybersecurity researchers have disclosed details of what appears to be a new strain of Shai Hulud on the npm registry with slight modifications from the previous wave observed last month.The npm package that embeds the novel Shai Hulud strain is “@vietmoney/react-big-calendar,” which was uploaded to npm back in March 2021 by a user named “hoquocdat.”…
-
ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts”, and 15 More Stories
Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial apps? This week proves again how hackers, companies, and governments are all locked in a nonstop race to outsmart each other.Here’s a quick rundown of the latest cyber stories that show how fast the game keeps changing. DeFi exploit drains funds Critical…
-
Shai-hulud 2.0 Variant Threatens Cloud Ecosystem
The latest attack from the self-replicating, npm-package poisoning worm can also steal credentials and secrets from AWS, Google Cloud Platform, and Azure. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/shai-hulud-variant-cloud-ecosystem
-
âš¡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More
Hackers aren’t kicking down the door anymore. They just use the same tools we use every day, code packages, cloud accounts, email, chat, phones, and “trusted” partners, and turn them against us.One bad download can leak your keys. One weak vendor can expose many customers at once. One guest invite, one link on a phone,…
-
PostHog admits Shai-Hulud 2.0 was its biggest ever security bungle
Automation flaw in CI/CD workflow let a bad pull request unleash worm into npm First seen on theregister.com Jump to article: www.theregister.com/2025/11/28/posthog_shaihulud/
-
Shai Hulud v2 Exploits GitHub Actions to Steal Secrets
A sophisticated supply chain attack has compromised hundreds of npm packages and exposed secrets from tens of thousands of GitHub repositories, with cybersecurity researchers now documenting how attackers weaponized GitHub Actions workflows to bootstrap one of the most aggressive worm campaigns in recent memory. On November 24, 2025, at 4:11 AM UTC, malicious versions of…
-
Neue Variante des Shai-Hulud Worm – Supply-Chain-Angriff trifft über 1.000 npm-Pakete
First seen on security-insider.de Jump to article: www.security-insider.de/npm-pakete-supply-chain-angriff-malware-infektion-a-7058d3a07ba5184bbd66002da6001877/
-
Sha1-Hulud Attack Hits 800+ npm Packages and Thousands of GitHub Repos
Shai-Huluda, a self-replicating npm worm named after the sandworms in Dune, had struck again. This time, the attack was devastating in scale and sophistication, compromising over 800 npm packages with a combined 132 million monthly downloads across the ecosystem. The timing proved particularly strategic. The attack occurred just weeks before npm’s December 9 deadline to…
-
Sha1-Hulud Attack Hits 800+ npm Packages and Thousands of GitHub Repos
Shai-Huluda, a self-replicating npm worm named after the sandworms in Dune, had struck again. This time, the attack was devastating in scale and sophistication, compromising over 800 npm packages with a combined 132 million monthly downloads across the ecosystem. The timing proved particularly strategic. The attack occurred just weeks before npm’s December 9 deadline to…