Tag: worm
-
The never-ending supply chain attacks worm into SAP npm packages, other dev tools
Mini Shai-Hulud caught spreading credential-stealing malware First seen on theregister.com Jump to article: www.theregister.com/2026/04/30/supply_chain_attacks_sap_npm_packages/
-
Shai-Hulud Strikes SAP: Supply Chain Worm Weaponized Claude Code to Compromise the CAP Framework
SAP CAP packages compromised via Claude Code in AI-assisted worm attack. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/shai-hulud-strikes-sap-supply-chain-worm-weaponized-claude-code-to-compromise-the-cap-framework/
-
NPM Worm Hits Namastex Packages, Steals Secrets Across Registries
A newly uncovered npm malware campaign is targeting packages linked to Namastex Labs, abusing developer trust to steal sensitive secrets and silently spread across both npm and PyPI ecosystems. The malicious activity centers on Namastex.ai, a company that promotes AI consulting services and autonomous agent systems through its Automagik product line. A set of legitimate-looking…
-
Fast16 Malware Targets High-Value Systems With Sabotage Capabilities
A previously unknown cyber sabotage framework called fast16, whose core components date back to 2005. This makes it the earliest known sabotage malware of its kind, predating the infamous Stuxnet worm by at least five years. The fast16 framework consists of two primary components: a Lua-powered service binary called svcmgmt.exe and a kernel driver named…
-
Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software
Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran’s nuclear program by destroying uranium enrichment centrifuges. According to a new report published by SentinelOne, the previously undocumented cyber sabotage framework dates back to 2005, primarily targeting high-precision calculation software to tamper First seen on thehackernews.com…
-
Npm Supply Chain Malware Attack Targets Developers With Worm-Like Propagation
Malicious npm packages spread via worm-like propagation and steal developer credentials First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/npm-supply-chain-worm-canister/
-
The Butlerian Jihad: Compromised Bitwarden CLI Deploys npm Worm, Poisons AI Assistants, and Dumps GitHub Secrets
Mend.io tracks TeamPCP’s latest supply chain attack. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/the-butlerian-jihad-compromised-bitwarden-cli-deploys-npm-worm-poisons-ai-assistants-and-dumps-github-secrets/
-
Malicious pgserve, automagik developer tools found in npm registry
Advice to victimized developers: Developers who have downloaded the malicious versions of pgserver and automagik need to act fast, says Tanya Janca, head of Canadian secure coding consultancy SheHacksPurple. “Rotate every credential you can think of, right now, before you do anything else,” she said. “Then harden your CI/CD network egress controls so your build runners…
-
Another npm supply chain worm is tearing through dev environments
Plus, the payload references ‘TeamPCP/LiteLLM method’ First seen on theregister.com Jump to article: www.theregister.com/2026/04/22/another_npm_supply_chain_attack/
-
Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens. The supply chain worm has been detected by both Socket and StepSecurity, with the companies tracking the activity under the name CanisterSprawl owing to the use of an…
-
DPRK Fake Job Scams Self-Propagate in ‘Contagious Interview’
A compromised developer’s repository serves as a worm-like infection vector to spread remote access Trojans (RATs) and other malware. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/dprk-fake-job-scams-self-propagate-contagious-interview
-
Industrial Systems Hit by New Email-Worm Threat Wave
Email-borne worms are driving a fresh wave of incidents against industrial control systems (ICS), even as overall malware activity on these networks appears to be slowly declining. New data from Q4 2025 shows that phishing-driven distribution of the XWorm backdoor has sharply shifted the risk landscape for operational technology (OT) environments worldwide. The share of…
-
PlugX USB Worm Hits Multiple Continents via DLL Sideloading
A new PlugX USB worm variant is driving fresh infection waves across several continents, using DLL sideloading and stealthy USB-based propagation to evade detection. First observed in Papua New Guinea in August 2022, the same strain resurfaced months later not only in the Pacific Rim but also in Ghana, Mongolia, Zimbabwe, and Nigeria, underscoring a…
-
Q1 2026 Open Source Malware Index: Adaptive Attacks, Familiar Weaknesses
Tags: access, ai, api, attack, automation, cloud, credentials, crypto, data, github, guide, intelligence, kubernetes, linux, macOS, malicious, malware, open-source, pypi, risk, software, supply-chain, tactics, theft, tool, update, windows, worm
TL;DR Sonatype identified 21,764 open source malware packages in Q1 2026, bringing the total logged since 2017 to 1,346,867. npm accounted for 75% of malicious packages this quarter. Trojans dominated, with most activity focused on credential theft, host reconnaissance, and staged payload delivery. The quarter’s defining pattern was trust abuse: attackers succeeded by…
-
After fighting malware for decades, this cybersecurity veteran is now hacking drones
Mikko Hyppönen is one of the most recognizable faces of the cybersecurity industry. After fighting computer viruses, worms, and malware, for more than 35 years, he tells TechCrunch why he is now working on systems to stop killer drones. First seen on techcrunch.com Jump to article: techcrunch.com/2026/04/04/after-fighting-malware-for-decades-this-cybersecurity-veteran-is-now-hacking-drones/
-
Bank Trojan ‘Casbaneiro’ Worms Through Latin America
Augmented Marauder’s multipronged banking-Trojan cyber campaigns are targeting Spanish speakers, evading detection, and replicating rapidly. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/bank-trojan-casbaneiro-worms-latin-america
-
Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4, 0.69.5, and 0.69.6 have since been removed from the container image library. “New image tags 0.69.5 and…
-
Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages
The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm. The name is a reference to the fact that the malware uses an ICP canister,…
-
Horabot Returns in Mexico, Spreading via Phishing and Email Worm Attacks
Horabot has resurfaced in Mexico with a more complex, multi-stage kill chain that blends fake CAPTCHA lures, living-off-the-land scripting, and an email worm-style spreader to deliver a Latin American banking trojan. In this installment of the SOC Files series, our MDR team dissected a targeted Horabot campaign that we hunted a few months ago, after…
-
Wikipedia hit by self-propagating JavaScript worm that vandalized pages
The Wikimedia Foundation suffered a security incident today after a self-propagating JavaScript worm began vandalizing pages and modifying user scripts across multiple wikis. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wikipedia-hit-by-self-propagating-javascript-worm-that-vandalized-pages/
-
What to Expect from Iran’s Digital Counterstrike
Tags: attack, breach, cloud, communications, cyber, cyberattack, cybersecurity, data, defense, espionage, exploit, extortion, finance, government, group, hacking, infrastructure, intelligence, international, iran, leak, middle-east, military, network, ransomware, risk, risk-assessment, service, tool, update, vulnerability, worm
After the United States and Israel began a bombing campaign on Iran, leading to the decapitation of its political and military leaders, the Middle East has erupted into waves of kinetic warfare. But what should we expect about cyber? Iran has a formidable offensive cybersecurity capability and is considered one of the four most aggressive…
-
The Worm Turns When the Hunter Becomes the Hunted Mass Surveillance and the Weaponization of the Data We Voluntarily Create
Explore how advancements in surveillance infrastructure and the democratization of intelligence have transformed espionage. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/the-worm-turns-when-the-hunter-becomes-the-hunted-mass-surveillance-and-the-weaponization-of-the-data-we-voluntarily-create/
-
SANDWORM_MODE: The Rise of Adaptive Supply Chain Worms
Earlier this year, we asked our team where they expect open source cyberattacks to go next. Sonatype Principal Security Researcher Garrett Calpouzos shared his thoughts about how he anticipated attackers won’t simply use automation, but also abuse victims’ AI tools: First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/sandworm_mode-the-rise-of-adaptive-supply-chain-worms/

