Claude Code leak used to push infostealer malware on GitHub
Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. [...]
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. [...]
Source code with a side of Vidar stealer and GhostSocks Tens of thousands of people eagerly downloaded the leaked Claude Code source code this week, and some of those downloads came with a side of credential-stealing malware.…
Cybersecurity researchers have detailed the inner workings of an Android banking trojan called ERMAC 3.0, uncovering serious shortcomings in the operators' infrastructure
Cybersecurity researchers have alerted to a supply chain attack that has targeted popular npm packages via a phishing campaign designed to steal the project maintainers' npm tokens
"Operation 99" uses job postings to lure freelance software developers into downloading malicious Git repositories. From there, malware infiltrates developer projects to steal source code, secrets, and cryptocurrency.
Cybersecurity researchers have uncovered a new, stealthier version of a macOS-focused information-stealing malware called Banshee Stealer
A collaboration with the FBI and law-enforcement agencies in Europe, the UK, and Australia, Operation Magnus has seized servers and source code related to the two malware families, which have stolen data from millions of victims worldwide.
Cops Recover Redline, Meta Infostealer Data; Promise Criminal Users: 'See You Soon'The Dutch National Police, working with the FBI, say they've disrupted the Redline and Meta info-stealing malware services after obtaining "full access" to them, including source code and extensive details pertaining to their users, with follow-on "legal actions" now "underway."
Threat actors are using legitimate network assets and open source code to fly under the radar in data-stealing attacks using a set of custom malware bent on evasion.
Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy's admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. But it's worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website.
An unauthorized party caused the intermittent redirection of customer websites
Web hosting services provider GoDaddy on Friday disclosed a multi-year security breach that enabled unknown threat actors to install malware and siphon source code related to some of its services
Web hosting giant GoDaddy says unknown attackers have stolen source code and installed malware on its servers after breaching its cPanel shared hosting environment. [...]