ChatGPT Share Link Abuse: Fake Outages Deliver Malware
Threat actors leverage ChatGPT share links to host deceptive outage pages, prompting users to download malware disguised as an official desktop app.
PyPI Supply Chain Threat: Deceptive Packages Target Developers
Analysis of malicious Python packages such as cryptography-util using deceptive naming to exfiltrate Discord tokens and system metadata via webhooks.
PCPJack Worm Steals Cloud Credentials, Cleans TeamPCP Access
New PCPJack worm actively targets exposed cloud infrastructure, stealing credentials and removing existing TeamPCP infections. Understand its TTPs and mitigation.
Backdoored PyTorch Lightning Package Drops Credential Stealer
A malicious PyTorch Lightning package on PyPI delivers a credential stealer, targeting browser data, environment variables, and cloud service credentials. Urgent action

AI-Generated npm Supply Chain Attack: DPRK Exploits Claude Opus
North Korean actors leverage LLMs like Claude Opus to insert malicious npm packages into developer workflows, leading to RCE and data theft via @validate-sdk/v2.

Bitwarden CLI Supply Chain Attack: Malicious NPM Package Identified
Researchers have discovered a malicious payload in version 2026.4.0 of the Bitwarden CLI, targeting sensitive vault credentials in build environments.

CanisterSprawl Worm: npm Package Supply Chain Hijack & Token Theft
New CanisterSprawl worm compromises npm packages, propagates by stealing developer tokens via an ICP canister. Threatens software supply chain integrity.
Malicious Crypto Apps on Apple App Store Target Private Keys
Dozens of fake cryptocurrency wallet applications have been found in the Apple App Store, designed to phish users' recovery phrases and private keys, leading to
Malicious Crypto Wallets Infiltrate China's Apple App Store
26 fake cryptocurrency wallet apps infiltrated China's Apple App Store, impersonating popular brands to steal seed phrases and drain user funds.
Axios npm Package Hijacked: Cross-Platform Malware Distribution
Analysis of the Axios npm package hijack distributing remote access trojans to Linux, Windows, and macOS systems. Learn to protect your software supply chain.
Apple Camera Indicator Design: Mitigating Covert Surveillance
Examines Apple's camera indicator light system, its robust hardware-software integration, and how it protects users from malware-enabled covert surveillance and

China-Linked APT Clusters Target SE Asian Government via HIUPAN
Three China-linked threat clusters targeted a Southeast Asian government in 2025 using HIUPAN, PUBLOAD, and EggStremeFuel malware in a complex espionage operation.