Tag: Malware

Packagist Postinstall Malware: What Developers Should Check

A Packagist and GitHub supply-chain campaign used malicious postinstall hooks to fetch…

Stephanie Adlam

Laravel-Lang Composer Packages Rewritten to Steal CI Secrets

Laravel-Lang Composer packages were compromised through rewritten tags that run a PHP…

Stephanie Adlam

Ghostwriter Uses Prometheus Lures to Drop OYSTERFRESH Malware

CERT-UA says Ghostwriter used compromised accounts and fake Prometheus certificate lures to…

Stephanie Adlam

Nimbus Manticore Uses Fake Installers to Drop MiniFast Backdoor

Check Point says Nimbus Manticore used SEO poisoning, fake software lures, and…

Stephanie Adlam

Microsoft Defender CVE-2026-41091 and CVE-2026-45498 Exploited

Microsoft says two Defender flaws have been exploited. CISA added both to…

Stephanie Adlam

GitHub Internal Repos Exposed Through Poisoned VS Code Extension

GitHub says an employee device was compromised through a poisoned VS Code…

Stephanie Adlam

Fox Tempest Signed Malware Service: Why Valid Signatures Are Not Enough

Microsoft says Fox Tempest operated a malware-signing service. Learn why signed malware…

Stephanie Adlam

Shai-Hulud AntV npm Supply-Chain Wave: What Developers Should Check

Shai-Hulud returned in an AntV npm supply-chain wave affecting hundreds of packages.…

Stephanie Adlam

Operation Ramz Cuts Phishing and Malware Servers in MENA

INTERPOL says Operation Ramz led to 201 arrests and the seizure of…

Stephanie Adlam

SHub macOS Stealer Uses Fake Login Lures to Harvest Data

SentinelOne says SHub Reaper uses fake macOS security and login prompts to…

Stephanie Adlam

FrostyNeighbor Targets Ukraine With PDF Lures and PicassoLoader

ESET says FrostyNeighbor is using fake Ukrtelecom-themed PDF lures, Ukrainian geofencing, JavaScript…

Stephanie Adlam

Microsoft Details Kazuar Botnet Used by Secret Blizzard

Microsoft published a technical analysis of Kazuar, a modular Secret Blizzard botnet…

Stephanie Adlam

AI Assistant

Hello! 👋 How can I help you today?