Npm Supply Chain Malware Attack Targets Developers With Worm-Like Propagation
Malicious npm packages spread via worm-like propagation and steal developer credentials
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Malicious npm packages spread via worm-like propagation and steal developer credentials
Venom Stealer malware-as-a-service automates ClickFix social engineering, credential and crypto exfiltration
Tax-season phishing floods deliver RMM malware, credential theft, BEC and tax-form scams
Researchers at ReliaQuest warn of persistent malware campaign targeting enterprise credentials
Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware
Python package LiteLLM compromised with credential-stealing malware linked to TeamPCP threat group
VoidLink, a Linux-based C2 framework, facilitates credential theft, data exfiltration across clouds
TamperedChef creates backdoors and steals user credentials – particularly in organizations reliant on technical equipment
A new macOS malware chain using staged scripts and a Go-based backdoor has been attributed to FlexibleFerret, designed to steal credentials and maintain system access
A long-running malware campaign targeting WordPress via a rogue plugin has been observed skimming data, stealing credentials and user profiling
A new malware campaign targeting Windows and Linux systems has been identified, deploying tools for evasion and credential theft
Microsoft said the ongoing phishing campaign is designed to infect hospitality firms with multiple credential-stealing malware
Picus Security reports infostealer surge after revealing credentials appear in 29% of malware
Browser-based cyber-threats surged in 2024, with credential abuse and infostealers on the rise
New AppLite Banker malware targets Android devices, employing advanced phishing techniques to steal credentials and data
Rapid7 warned that users of Justice AV Solutions (JAVS) Viewer v8.3.7 recording software are at high risk of stolen credentials and having malware installed
Recorded Future details a novel campaign that abuses legitimate internet services to deploy multiple malware variants for credential theft
Researchers detail the DLL side-loading technique used to deploy malware that facilitates credential theft and lateral movement
The deployment of custom credential theft malware is the main novelty of the new campaign
The malware had additional exfiltration techniques compared to previously studied variants