
New Shai-Hulud Miasma Wave Hits Hundreds of npm Packages

TL;DR: Sonatype Security Research is tracking a new Shai-Hulud Miasma wave with 281 malicious npm package versions that move beyond obvious preinstall and postinstall scripts in package.json. This variant abuses binding.gyp to ...

AI-Powered Computer Worm Reveals New Cybersecurity Threat

Researchers at the University of Toronto have demonstrated a new form of AI-powered computer worm that can adapt its attacks as it moves through a network, raising concerns that hackers could use ...
Security Boulevard

Lazarus Group’s Latest: Brandjacking Campaign on npm

TL;DR: Sonatype Security Research is tracking a Lazarus Group npm campaign using dozens of malicious packages to abuse developer trust and deliver follow-on payloads. The campaign goes beyond typosquatting, relying on brandjacking ...

Red Hat Cloud Services npm Packages Hijacked

A new wave of malicious npm activity has been reported involving multiple packages in the legitimate @redhat-cloud-services namespace ...

Inside a 176-Package npm Campaign Built to Beat Your Internal Dependencies

The latest malware campaign uncovered by Sonatype researchers involved 176 malicious npm packages, many published with the exact same version number: 99.99.99 ...

Microsoft Disrupts Fox Tempest Malware-Signing-as-a-Service Platform Tied to Ransomware Gangs

What happened: Microsoft unsealed a legal case in US District Court on Tuesday detailing the disruption of Fox Tempest, a malware-signing-as-a-service platform that has operated since May 2025, providing ransomware affiliates and ...

Shai-Hulud is Back: Maintainer Accounts Are Still the Soft Target

Why bother hunting for a CVE when you can just publish malicious code straight into the software supply chain? That’s the story behind the latest wave of Shai-Hulud-related npm compromises, which recently ...

How Fraud Teams Use Identity Intelligence to Stop Account Takeover

Account takeover is no longer a perimeter problem. Account takeover (ATO) has become one of the most persistent and costly forms of fraud. And yet, many organizations are still trying to solve ...

Attackers Use Fake OpenAI Model to Push Credential-Stealing Malware

A fraudulent AI model posing as an OpenAI release briefly became one of the most downloaded projects on Hugging Face before researchers determined it was distributing credential-stealing malware to Windows systems. The ...

TrickMo Android Banker Adopts TON Blockchain for Covert Command-and-Control

What happened: ThreatFabric has identified a new variant of the TrickMo Android banking malware, tracked as Trickmo.C, that introduces TON blockchain-based command-and-control communications designed to resist traditional takedown methods. The variant has ...