CAI cloud worm gives competitors' malware the boot, then steals secrets and mines for coin
Dog-eat-dog world for credential-stealing attackers
The Worm tag covers self-spreading malware that can spread rapidly, plus reported incidents, technical analysis, disruption efforts, and defensive guidance.
Search across headline titles and summaries.
Background for this topic.
Worms are malware programs that replicate and spread between systems without needing to attach to another file. They may move through exploitable network services, vulnerable applications, removable media, or other connected paths; the route depends on the family. Their defining concern is rapid propagation: one compromised host can seed many others, causing outages or resource exhaustion and, in some cases, delivering additional code or enabling unauthorized access.
Security teams should assess worm reports alongside the affected software and exposure details. Priorities include applying patches or mitigations, disabling unnecessary services, and segmenting networks to limit movement. Monitor for unusual scanning, repeated connection attempts, and clusters of similar infections. During an incident, isolate affected systems, restrict relevant communications where practical, preserve forensic evidence, and verify that vulnerable hosts are remediated before reconnecting them.
Weekly headline count for the current query.
Dog-eat-dog world for credential-stealing attackers
Shai-Hulud worm exploited exactly this. Better late than never, says everyone except the malware authors
As if there weren't enough package poisonings to worry about
Miasma worm shapeshifts, but cloud secret-scouting remains the goal
'Attackers can now cheaply operationalize known vulnerabilities at scale,' boffins tell The Reg
TeamPCP? Or copycat malware dev?
Plus three other stealers in three other packages, all from the same scumbag
Shai-Hulud worm exploited GitHub Actions misconfiguration to poison shared cache, now project weighing nuclear option on unsolicited contributions
Where it’s been well and truly forked, seemingly without Microsoft’s code locker noticing
All your compromised credentials are belong to us now instead of the other gang
Mini Shai-Hulud caught spreading credential-stealing malware
Mini Shai-Hulud caught spreading credential-stealing malware The wave of supply chain attacks aimed at security and developer tools has washed up more victims, namely SAP and Intercom npm packages, plus the lightning PyPI package.…
FAST16 could be the first cyberweapon, and its effects could be with us today Black Hat Asia Infosec outfit SentinelOne found malware that tries to induce errors in engineering and physics simulation software and therefore represents an attempt at sabotage, and suggests it was created years before the Stuxnet worm that aimed to destroy Iran’s uranium enrichment centrifuges.…
Plus, the payload references 'TeamPCP/LiteLLM method' Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as it moves through developers' environments, and it shares significant overlap with the open source infections attributed to TeamPCP last month.…
Automation flaw in CI/CD workflow let a bad pull request unleash worm into npm PostHog says the Shai-Hulud 2.0 npm worm compromise was "the largest and most impactful security incident" it's ever experienced after attackers slipped malicious releases into its JavaScript SDKs and tried to auto-loot developer credentials.…
Trojanized npm packages spread new variant that executes in pre-install phase, hitting thousands within days A self-propagating malware targeting node package managers (npm) is back for a second round, according to Wiz researchers who say that more than 25,000 developers had their secrets compromised within three days.…
Intrusions bear the same hallmarks as recent Nx mess The npm platform is the target of another supply chain attack, with crims already compromising 187 packages and counting.…
UK holds onto oversight by a whisker, but it's utterly barefaced on the other side of the pond Opinion The UK government's attempts to worm into Apple's core end-to-end encryption were set back last week when the country's Home Office failed in its bid to keep them secret on national security grounds.…
The device that makes it possible is required in all American big rigs, and has poor security Vulnerabilities in common Electronic Logging Devices (ELDs) required in US commercial trucks could be present in over 14 million medium- and heavy-duty rigs, according to boffins at Colorado State University.…
It's not all doom and gloom because ML also amplifies defensive efforts, probably Bots like ChatGPT may not be able to pull off the next big Microsoft server worm or Colonial Pipeline ransomware super-infection but they may help criminal gangs and nation-state hackers develop some attacks against IT, according to Rob Joyce, director of the NSA's Cybersecurity Directorate.…