Tag: worm

Shai-Hulud worm returns stronger and more automated than ever before

Nov 25, 2025 12:49 AM

Tags: github, malware, open-source, worm

Self-replicating malware has infected almost 500 open-source packages, exposing more than 26,000 GitHub repositories in less than 24 hours. First seen on cyberscoop.com Jump to article: cyberscoop.com/supply-chain-attack-shai-hulud-npm/
Infamous Shai-hulud Worm Resurfaces From the Depths

Nov 24, 2025 10:49 PM

Tags: malicious, worm

This campaign introduces a new variant that executes malicious code during preinstall, significantly increasing potential exposure in build and runtime environments, researchers said. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/infamous-shai-hulud-worm-resurfaces-from-depths
Shai Hulud npm Worm Impacts 26,000+ Repos in Supply Chain Attack

Nov 24, 2025 5:49 PM

Tags: attack, supply-chain, worm

The Shai Hulud worm’s “Second Coming” has compromised over 26,000 public repositories. We detail the attacker’s mistake, the target packages, and mandatory security tips. First seen on hackread.com Jump to article: hackread.com/shai-hulud-npm-worm-supply-chain-attack/
Shai Hulud npm Worm Infects 19,000 Packages in Major Supply Chain Attack

Nov 24, 2025 4:49 PM

Tags: attack, supply-chain, worm

The Shai Hulud worm’s “Second Coming” has compromised over 19,000 public repositories. We detail the attacker’s mistake, the target packages, and mandatory security tips. First seen on hackread.com Jump to article: hackread.com/shai-hulud-npm-worm-supply-chain-attack/
Shai-Hulud worm returns, belches secrets to 25K GitHub repos

Nov 24, 2025 3:49 PM

Tags: github, worm

Trojanized npm packages spread new variant that executes in pre-install phase, hitting thousands within days First seen on theregister.com Jump to article: www.theregister.com/2025/11/24/shai_hulud_npm_worm/
WhatsApp ‘Eternidade’ Trojan Self-Propagates Through Brazil

Nov 20, 2025 3:49 PM

Tags: banking, credentials, data, malware, phishing, worm

The infostealer specifically targets Brazilian Portuguese speakers and combines malware designed to phish banking credentials and steal data, a worm, and some uniquely Brazilian quirks. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/whatsapp-eternidade-trojan-self-propagates-brazil
Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices

Nov 19, 2025 5:49 PM

Tags: access, attack, banking, control, cybersecurity, Internet, social-engineering, threat, worm

Cybersecurity researchers have disclosed details of a new campaign that leverages a combination of social engineering and WhatsApp hijacking to distribute a Delphi-based banking trojan named Eternidade Stealer as part of attacks targeting users in Brazil.”It uses Internet Message Access Protocol (IMAP) to dynamically retrieve command-and-control (C2) addresses, allowing the threat actor to First seen…
IndonesianFoods worm: a massive spam campaign in the npm ecosystem

Nov 18, 2025 4:49 PM

Tags: spam, worm

First seen on scworld.com Jump to article: www.scworld.com/brief/indonesianfoods-worm-uncovering-a-massive-spam-campaign-in-the-npm-ecosystem
Spam flooding npm registry with token stealers still isn’t under control

Nov 17, 2025 7:49 AM

Tags: access, antivirus, attack, authentication, blockchain, breach, control, credentials, crypto, detection, edr, exploit, finance, firewall, governance, identity, login, malicious, malware, mfa, monitoring, network, open-source, pypi, risk, software, spam, supply-chain, threat, tool, worm

CSO that number has now grown to 153,000.And while this payload merely steals tokens, other threat actors are paying attention, said Sonatype CTO Brian Fox.When Sonatype wrote about the campaign just over a year ago, it found a mere 15,000 packages that appeared to come from a single person.With the swollen numbers reported this week,…
Worm flooding npm registry with token stealers still isn’t under control

Nov 15, 2025 5:49 AM

Tags: access, antivirus, attack, authentication, blockchain, breach, control, credentials, crypto, detection, edr, exploit, finance, firewall, governance, identity, login, malicious, malware, mfa, monitoring, network, open-source, pypi, risk, software, supply-chain, threat, tool, worm

CSO that number has now grown to 153,000.”It’s unfortunate that the worm isn’t under control yet,” said Sonatype CTO Brian Fox.And while this payload merely steals tokens, other threat actors are paying attention, he predicted.”I’m sure somebody out there in the world is looking at this massively replicating worm and wondering if they can ride…
New ‘IndonesianFoods’ worm floods npm with 100,000 packages

Nov 13, 2025 11:49 PM

Tags: spam, worm

A self-spreading package published on npm spams the registry by spawning new packages every every seven seconds, creating large volumes of junk. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-indonesianfoods-worm-floods-npm-with-100-000-packages/
“IndonesianFoods” npm Worm Publishes 44,000 Malicious Packages

Nov 13, 2025 4:49 PM

Tags: malicious, worm

A new npm worm dubbed “IndonesianFoods” has doubled the number of known malicious packages First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/indonesianfoods-npm-worm-44000/
Hackers Infiltrate npm Registry with 43,000 Spam Packages, Linger for Nearly Two Years

Nov 13, 2025 2:49 PM

Tags: cyber, hacker, malicious, spam, worm

Security researcher Paul McCarty has uncovered a massive coordinated spam campaign targeting the npm ecosystem. The IndonesianFoods worm, comprising over 43,000 malicious packages published across at least 11 user accounts, remained active in the registry for nearly two years before detection. The campaign derives its distinctive name from its unique package naming scheme. The embedded…
Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack

Nov 13, 2025 8:49 AM

Tags: attack, cybersecurity, spam, worm

Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially motivated effort.”The packages were systematically published over an extended period, flooding the npm registry with junk packages that survived in the ecosystem for almost two…
Over 46,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack

Nov 13, 2025 7:49 AM

Tags: attack, cybersecurity, spam, worm

Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially motivated effort.”The packages were systematically published over an extended period, flooding the npm registry with junk packages that survived in the ecosystem for almost two…
How GlassWorm wormed its way back into developers’ code, and what it says about open source security

Nov 11, 2025 5:19 AM

Tags: access, ai, attack, blockchain, ciso, control, credentials, crypto, cybersecurity, data, data-breach, endpoint, exploit, framework, github, google, infrastructure, law, malicious, malware, marketplace, monitoring, open-source, resilience, service, software, supply-chain, threat, tool, update, worm

adhamu.history-in-sublime-merge (downloaded 4,000 times)ai-driven-dev.ai-driven-dev (downloaded 3,300 times)yasuyuky.transient-emacs (downloaded 2,400 times)All three GlassWorm extensions are “still literally invisible” in code editors, the researchers note. They are encoded in unprintable Unicode characters that look like blank space to the human eye, but execute as JavaScript.The attackers have posted new transactions to the Solana blockchain that outline updated…
How GlassWorm wormed its way back into developers’ code, and what it says about open source security

Nov 11, 2025 5:19 AM

Tags: access, ai, attack, blockchain, ciso, control, credentials, crypto, cybersecurity, data, data-breach, endpoint, exploit, framework, github, google, infrastructure, law, malicious, malware, marketplace, monitoring, open-source, resilience, service, software, supply-chain, threat, tool, update, worm

adhamu.history-in-sublime-merge (downloaded 4,000 times)ai-driven-dev.ai-driven-dev (downloaded 3,300 times)yasuyuky.transient-emacs (downloaded 2,400 times)All three GlassWorm extensions are “still literally invisible” in code editors, the researchers note. They are encoded in unprintable Unicode characters that look like blank space to the human eye, but execute as JavaScript.The attackers have posted new transactions to the Solana blockchain that outline updated…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Data sovereignty proof: How to verify controls like ‘Project Texas’

Oct 27, 2025 12:26 PM

Tags: access, ai, api, backdoor, breach, business, ceo, cloud, computing, control, country, cyber, cybersecurity, data, encryption, Hardware, iam, identity, infrastructure, jobs, metric, network, radius, RedTeam, risk, service, soc, strategy, supply-chain, threat, worm, zero-trust

“Verification regimes work best when they serve everyone’s interests. The reporting company wants a process that does not impose too many burdens or interrupt workflow while allowing it to demonstrate compliance. Oversight bodies want hard data that is difficult to fake and indicates adherence to the regime. Finally, these systems need to be simple enough…
Data sovereignty proof: How to verify controls like ‘Project Texas’

Oct 27, 2025 12:26 PM

Tags: access, ai, api, backdoor, breach, business, ceo, cloud, computing, control, country, cyber, cybersecurity, data, encryption, Hardware, iam, identity, infrastructure, jobs, metric, network, radius, RedTeam, risk, service, soc, strategy, supply-chain, threat, worm, zero-trust

“Verification regimes work best when they serve everyone’s interests. The reporting company wants a process that does not impose too many burdens or interrupt workflow while allowing it to demonstrate compliance. Oversight bodies want hard data that is difficult to fake and indicates adherence to the regime. Finally, these systems need to be simple enough…
Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack

Oct 24, 2025 10:26 AM

Tags: attack, cybersecurity, marketplace, microsoft, supply-chain, threat, worm

Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Marketplace, underscoring how developers have become a prime target for attacks.The sophisticated threat, codenamed GlassWorm by Koi Security, is the second such supply chain attack to hit the DevOps space…
Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack

Oct 24, 2025 10:26 AM

Tags: attack, cybersecurity, marketplace, microsoft, supply-chain, threat, worm

Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Marketplace, underscoring how developers have become a prime target for attacks.The sophisticated threat, codenamed GlassWorm by Koi Security, is the second such supply chain attack to hit the DevOps space…
Self-propagating worm found in marketplaces for Visual Studio Code extensions

Oct 22, 2025 5:26 AM

Tags: access, application-security, attack, backdoor, backup, best-practice, blockchain, breach, ciso, control, credentials, crime, crypto, cyber, data, data-breach, endpoint, framework, github, gitlab, google, government, identity, incident response, infrastructure, intelligence, least-privilege, login, malicious, malware, marketplace, network, open-source, resilience, risk, sans, security-incident, software, supply-chain, threat, tool, update, worm

Marketplaces targeted: The Koi Security report is the latest in a series of warnings that threat actors are increasingly targeting VS Code marketplaces in supply chain attacks. Last week, Koi Security exposed a threat actor dubbed TigerJack spreading malicious extensions. And researchers at Wiz just published research showing the widespread abuse of the OpenVSX and…
New GlassWorm Threat Uses Stealthy Code to Target OpenVSX Extensions

Oct 21, 2025 1:26 PM

Tags: credentials, crypto, cyber, infrastructure, malicious, marketplace, threat, worm

GlassWorm is the world’s first self-propagating worm targeting VS Code extensions in the OpenVSX marketplace, unleashing invisible malicious payloads and decentralized command infrastructure that make it nearly impossible to detect or dismantle. First identified on October 17, 2025, GlassWorm hijacks developer machines via invisible Unicode code, harvests credentials, drains cryptocurrency wallets, and transforms infected systems…
New GlassWorm Threat Uses Stealthy Code to Target OpenVSX Extensions

Oct 21, 2025 1:26 PM

Tags: credentials, crypto, cyber, infrastructure, malicious, marketplace, threat, worm

GlassWorm is the world’s first self-propagating worm targeting VS Code extensions in the OpenVSX marketplace, unleashing invisible malicious payloads and decentralized command infrastructure that make it nearly impossible to detect or dismantle. First identified on October 17, 2025, GlassWorm hijacks developer machines via invisible Unicode code, harvests credentials, drains cryptocurrency wallets, and transforms infected systems…
Self-Propagating GlassWorm Attacks VS Code Supply Chain

Oct 21, 2025 12:40 AM

Tags: attack, credentials, supply-chain, worm

The sophisticated worm, which uses invisible code to steal credentials and turn developer systems into criminal proxies, has so far infected nearly 36k machines. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/self-propagating-glassworm-vs-code-supply-chain
âš¡ Weekly Recap: WhatsApp Worm, Critical CVEs, Oracle 0-Day, Ransomware Cartel & More

Oct 13, 2025 4:23 PM

Tags: attack, backup, credentials, cve, cyber, flaw, oracle, ransomware, tool, worm, zero-day

Every week, the cyber world reminds us that silence doesn’t mean safety. Attacks often begin quietly, one unpatched flaw, one overlooked credential, one backup left unencrypted. By the time alarms sound, the damage is done.This week’s edition looks at how attackers are changing the game, linking different flaws, working together across borders, and even turning…
âš¡ Weekly Recap: WhatsApp Worm, Critical CVEs, Oracle 0-Day, Ransomware Cartel & More

Oct 13, 2025 4:23 PM

Tags: attack, backup, credentials, cve, cyber, flaw, oracle, ransomware, tool, worm, zero-day

Every week, the cyber world reminds us that silence doesn’t mean safety. Attacks often begin quietly, one unpatched flaw, one overlooked credential, one backup left unencrypted. By the time alarms sound, the damage is done.This week’s edition looks at how attackers are changing the game, linking different flaws, working together across borders, and even turning…