Malware
Inside a malicious infrastructure delivering EtherRAT, phishing pages, and malicious software
We found EtherRAT malware being distributed by a website with a strange homepage. Following the trail, we discovered a vast network of malicious infrastructures, distributing malware, malicious documents, remote desktop software, and phishing pages. ...
Ghost CMS Under Siege: How a SQL Injection Turned 700+ Blogs Into Malware Distribution Networks
A critical SQL injection in Ghost CMS turned 700+ sites into malware launchers. Harvard, Oxford, DuckDuckGo compromised. Here's what happened and what to do ...
New Shai-Hulud Miasma Wave Hits Hundreds of npm Packages
TL;DR Sonatype Security Research is tracking a new Shai-Hulud Miasma wave with 281 malicious npm package versions that move beyond obvious preinstall and postinstall scripts in package.json. This variant abuses binding.gyp to ...
AI-Powered Computer Worm Reveals New Cybersecurity Threat
Researchers at the University of Toronto have demonstrated a new form of AI-powered computer worm that can adapt its attacks as it moves through a network, raising concerns that hackers could use ...
Lazarus Group's Latest: Brandjacking Campaign on npm
TL;DR Sonatype Security Research is tracking a Lazarus Group npm campaign using dozens of malicious packages to abuse developer trust and deliver follow-on payloads. The campaign goes beyond typosquatting, relying on brandjacking ...
Red Hat Cloud Services npm Packages Hijacked
A new wave of malicious npm activity has been reported involving multiple packages in the legitimate @redhat-cloud-services namespace ...
Inside a 176-Package npm Campaign Built to Beat Your Internal Dependencies
The latest malware campaign uncovered by Sonatype researchers involved 176 malicious npm packages, many published with the exact same version number: 99.99.99 ...
Microsoft Disrupts Fox Tempest Malware-Signing-as-a-Service Platform Tied to Ransomware Gangs
What happened: Microsoft unsealed a legal case in US District Court on Tuesday detailing the disruption of Fox Tempest, a malware-signing-as-a-service platform that has operated since May 2025, providing ransomware affiliates and ...
Shai-Hulud is Back: Maintainer Accounts Are Still the Soft Target
Why bother hunting for a CVE when you can just publish malicious code straight into the software supply chain? That's the story behind the latest wave of Shai-Hulud-related npm compromises, which recently ...
How Fraud Teams Use Identity Intelligence to Stop Account Takeover
Account takeover is no longer a perimeter problem. Account takeover (ATO) has become one of the most persistent and costly forms of fraud. And yet, many organizations are still trying to solve ...

