Novo ciberataque “Shai-Hulud” propaga-se como um verme e compromete 187 pacotes npm
🔗 https://tugatech.com.pt/t71903-novo-ciberataque-shai-hulud-propaga-se-como-um-verme-e-compromete-187-pacotes-npm

#API #ataque #cascata #CD #CI #ciberataque #Github #google #javascript #linkedin #malware #npm #phishing #riscos #segurança #servidor #software 

Novo ciberataque “Shai-Hulud” propaga-se como um verme e compromete 187 pacotes npm
🔗 https://tugatech.com.pt/t71903-novo-ciberataque-shai-hulud-propaga-se-como-um-verme-e-compromete-187-pacotes-npm

#API #ataque #cascata #CD #CI #ciberataque #Github #google #javascript #linkedin #malware #npm #phishing #riscos #segurança #servidor #software 

😉 Self-Replicating npm

“When a developer installs a compromised package, the malware will look for a npm token in the environment,” said Charlie Eriksen, a researcher for the Belgian security firm Aikido. “If it finds it, it will modify the 20 most popular packages that the npm token has access to, copying itself into the package, and publishing a new version.”

https://krebsonsecurity.com/2025/09/self-replicating-worm-hits-180-software-packages/

#npm #malware #opensource

😉 Self-Replicating npm

“When a developer installs a compromised package, the malware will look for a npm token in the environment,” said Charlie Eriksen, a researcher for the Belgian security firm Aikido. “If it finds it, it will modify the 20 most popular packages that the npm token has access to, copying itself into the package, and publishing a new version.”

https://krebsonsecurity.com/2025/09/self-replicating-worm-hits-180-software-packages/

#npm #malware #opensource

There is an on-going malware attack targeting users of GitHub Desktop by buying ads on search engines that link to a committed Readme files on the GitHub Desktop repo with links to malicious versions of the app. This attack is on-going. I just found another attempt from a few days ago.

I found an Ad of the same kind on Duck Duck Go, so it's not just Google.

The details of the attack are described in detail in this article.

https://arcticwolf.com/resources/blog/gpugate-malware-malicious-github-desktop-implants-use-hardware-specific-decryption-abuse-google-ads-target-western-europe/

#Security#GitHub#Malware#InfoSec

There is an on-going malware attack targeting users of GitHub Desktop by buying ads on search engines that link to a committed Readme files on the GitHub Desktop repo with links to malicious versions of the app. This attack is on-going. I just found another attempt from a few days ago.

I found an Ad of the same kind on Duck Duck Go, so it's not just Google.

The details of the attack are described in detail in this article.

https://arcticwolf.com/resources/blog/gpugate-malware-malicious-github-desktop-implants-use-hardware-specific-decryption-abuse-google-ads-target-western-europe/

#Security#GitHub#Malware#InfoSec

🚨 18 Popular Code Packages Hacked, Rigged to Steal Crypto – Krebs on Security

｢ At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly focused on stealing cryptocurrency ｣

https://krebsonsecurity.com/2025/09/18-popular-code-packages-hacked-rigged-to-steal-crypto/

#npm #malware #cybersecurity

BleepingComputer: AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

https://www.bleepingcomputer.com/news/security/ai-powered-malware-hit-2-180-github-accounts-in-s1ngularity-attack/

#malware #github #nx #cybersecurity

BleepingComputer: AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack

https://www.bleepingcomputer.com/news/security/ai-powered-malware-hit-2-180-github-accounts-in-s1ngularity-attack/

#malware #github #nx #cybersecurity

https://www.threatfabric.com/blogs/android-droppers-the-silent-gatekeepers-of-malware

#cybersecurity

Kicking off a 4-part deep dive into AFD.sys on Windows 11: crafting a raw TCP socket, performing the TCP handshake, sending & receiving TCP packets - everything without Winsock.

Part 1: https://leftarcode.com/posts/afd-reverse-engineering-part1/

Part 2: https://leftarcode.com/posts/afd-reverse-engineering-part2/

Part 3: https://leftarcode.com/posts/afd-reverse-engineering-part3/

Part 4: https://leftarcode.com/posts/afd-reverse-engineering-part4/

#reverseengineering #windows #cybersecurity #malware

Kicking off a 4-part deep dive into AFD.sys on Windows 11: crafting a raw TCP socket, performing the TCP handshake, sending & receiving TCP packets - everything without Winsock.

Part 1: https://leftarcode.com/posts/afd-reverse-engineering-part1/

Part 2: https://leftarcode.com/posts/afd-reverse-engineering-part2/

Part 3: https://leftarcode.com/posts/afd-reverse-engineering-part3/

Part 4: https://leftarcode.com/posts/afd-reverse-engineering-part4/

#reverseengineering #windows #cybersecurity #malware

REMINDER:
everything created by #techbros should be treated as #malware. i would treat the so-called open source version of the not-so Open AI as a classic trojan, wooden horse and otherwise :
https://arstechnica.com/ai/2025/08/openai-releases-its-first-open-source-models-since-2019/

REMINDER:
everything created by #techbros should be treated as #malware. i would treat the so-called open source version of the not-so Open AI as a classic trojan, wooden horse and otherwise :
https://arstechnica.com/ai/2025/08/openai-releases-its-first-open-source-models-since-2019/

AquaSec deckte jetzt eine üble Malware für Linux auf, wobei verseuchte Bilddateien den Angriffsvektor beinhalten: Koske verbreitet sich - aktuell - über präparierte Pandabärbilder, die ein Script in C mit der unangenehmen Payload mitbringen. Offensichtlich half ein LLM bei der Entwicklung der Malware. Schöne, neue KI-Welt.

https://www.aquasec.com/blog/ai-generated-malware-in-panda-image-hides-persistent-linux-threat/

#Linux #malware #infosec #koske #ki #ai

AquaSec deckte jetzt eine üble Malware für Linux auf, wobei verseuchte Bilddateien den Angriffsvektor beinhalten: Koske verbreitet sich - aktuell - über präparierte Pandabärbilder, die ein Script in C mit der unangenehmen Payload mitbringen. Offensichtlich half ein LLM bei der Entwicklung der Malware. Schöne, neue KI-Welt.

https://www.aquasec.com/blog/ai-generated-malware-in-panda-image-hides-persistent-linux-threat/

#Linux #malware #infosec #koske #ki #ai

🚨 Malware Found in Official GravityForms Plugin Indicating Supply Chain Breach - Patchstack

https://patchstack.com/articles/critical-malware-found-in-gravityforms-official-plugin-site/

#gravityforms #supplychainattack #malware #wordpress

Mexiko: Untersuchung wegen mutmaßlicher Schmiergeldzahlung beim Kauf von Pegasus

Beim Kauf der Spionagesoftware Pegasus soll Mexikos Ex-Präsident Enrique Peña Nieto Schmiergeld kassiert haben. Die Staatsanwaltschaft leitet Ermittlungen ein.

https://www.heise.de/news/Mexiko-Untersuchung-wegen-mutmasslicher-Schmiergeldzahlung-beim-Kauf-von-Pegasus-10483500.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Malware#Netzpolitik#Pegasus #news

Mexiko: Untersuchung wegen mutmaßlicher Schmiergeldzahlung beim Kauf von Pegasus

Beim Kauf der Spionagesoftware Pegasus soll Mexikos Ex-Präsident Enrique Peña Nieto Schmiergeld kassiert haben. Die Staatsanwaltschaft leitet Ermittlungen ein.

https://www.heise.de/news/Mexiko-Untersuchung-wegen-mutmasslicher-Schmiergeldzahlung-beim-Kauf-von-Pegasus-10483500.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Malware#Netzpolitik#Pegasus #news