Red Hat npm Supply Chain Compromise: Miasma Steals Dev Credentials
Over 30 Red Hat npm packages under @redhat-cloud-services were compromised in a supply chain attack distributing Miasma malware to steal developer credentials.

Miasma Supply Chain Attack: Defending Red Hat npm Environments
Analysis of the Miasma supply chain attack targeting Red Hat npm packages with credential-stealing worms. Technical details and mitigation guide for SOC teams.
Romanian Hacker Sentenced for Breach of Oregon Government Networks
Adrian-Tiberiu Oprea sentenced to 56 months for a multi-year cyber campaign targeting Oregon government systems and dozens of U.S. organizations.
Ajax Football Club Hack: Suspect Arrested in Almere Data Breach
Dutch police arrested a 35-year-old suspect linked to the AFC Ajax data breach involving the theft of sensitive personal data of players and staff.
Megalodon Supply Chain Attack Infects 5,500+ GitHub Repositories
Attackers used automated commits to inject malicious GitHub Actions workflows into 5,500+ repositories, targeting CI/CD secrets and sensitive tokens.
GitHub Repository Breach: 3,800 Repos Accessed via VS Code Extension
GitHub confirms a security incident where a malicious VS Code extension compromised an employee account, leading to the unauthorized access of 3,800 repos.

OpenClaw 'Claw Chain' Vulnerabilities: Credential Theft, Persistence
Analysis of 'Claw Chain' vulnerabilities in OpenClaw, an AI agent framework, detailing credential theft, privilege escalation, and persistence risks. Patching guidance
Compromised Checkmarx Jenkins Plugin Spreads Infostealer
Official Checkmarx Jenkins AST plugin version 2023.2.7 was compromised with an infostealer, risking credentials and system data. Immediate uninstallation and credential
PCPJack Worm: Analyzing the Malware Displacement in Cloud Environments
PCPJack is a new Golang-based worm targeting AWS, Docker, and Kubernetes. Learn how it removes TeamPCP and steals credentials to compromise cloud infrastructure.
ShinyHunters Defaces Canvas Login Portals in Extortion Campaign
ShinyHunters breached Instructure, defacing Canvas login portals for numerous educational institutions, potentially impacting user credentials and initiating extortion.
Google Ads Phishing Campaign Targets GoDaddy ManageWP Users
A persistent phishing campaign leverages malicious Google Ads to steal GoDaddy ManageWP credentials, risking extensive WordPress site compromises.

CloudZ RAT Exploits Windows Phone Link to Steal Credentials and OTPs
Researchers identify CloudZ RAT and the Pheno plugin exploiting Windows Phone Link to bypass MFA by stealing one-time passwords from synchronized devices.