node-ipc npm Package Compromised With Credential Stealer
Malicious node-ipc versions 9.1.6, 9.2.3, and 12.0.1 were published to npm with…
KongTuke Uses Microsoft Teams Help-Desk Lures to Drop ModeloRAT
KongTuke moved from web-based ClickFix lures into external Microsoft Teams chats, using…
RubyGems Pauses Signups After Malicious Package Attack
RubyGems disabled new account registration after reports of hundreds of malicious packages,…
Mini Shai-Hulud Hits TanStack npm Packages With Signed Malware
Mini Shai-Hulud abused trusted publishing to ship malicious TanStack npm packages with…
TrickMo.C Android Banker Turns Phones Into Proxy Nodes
TrickMo.C moves Android banking malware control to TON/.adnl and adds proxy/pivot features,…
Checkmarx Jenkins Plugin Compromise Put CI Secrets at Risk
A rogue Checkmarx AST Scanner Jenkins plugin release put CI/CD source code…
cPanel CVE-2026-41940 Exploited to Drop Filemanager Backdoor
Attackers are exploiting cPanel & WHM CVE-2026-41940 to deploy a Filemanager backdoor,…
PamDOORa Linux PAM Backdoor Turns SSH Login Into a Trap
PamDOORa is a Linux PAM-based backdoor marketed for persistent OpenSSH access and…
Fake Claude Code Ads Push MacSync Stealer on macOS
A Google Ads malvertising campaign used fake Claude Code install pages and…
Fake OpenAI Hugging Face Repo: Infostealer Warning
HiddenLayer says a fake OpenAI-themed Hugging Face repository copied a privacy-filter model…
Is JDownloader Safe?
JDownloader says attackers changed several official website download links on May 6-7,…
QLNX RAT Targets Linux Developer and Cloud Credentials
Trend Micro reports QLNX, a Linux-focused Quasar RAT variant that combines persistence,…
