New North Korean campaign uses fake coding interviews to steal developer credentials
Elastic Security Labs has identified a new campaign from the DPRK-aligned group known as Contagious...
Tag archive
Elastic Security Labs has identified a new campaign from the DPRK-aligned group known as Contagious...
Researchers have identified a new APT campaign named 'HelloNet' that targets large organizations in...
Cisco Talos has identified a new Russian-speaking, financially motivated threat actor designated as...
This article explores the implementation of user-defined intrinsics within Crystal Palace, a feature...
Two weeks ago, a Windows trojan slipped into my MCP (Model Context Protocol) marketplace. The malware...
International authorities from the EU, UK, and United States have launched a coordinated crackdown on...
Advanced malware attributed to China-linked threat actors, specifically the Daxin kernel-mode rootkit...
If you've spent any time in cybersecurity, you've probably heard the Stuxnet story thrown around as...
Deep Dive: Sdbot (Rat) Today we are analyzing the Sdbot malware family, which falls under...
A Unit 42 report details the evolution of npm supply chain attacks since the Shai-Hulud worm in 2025. It describes recent 2026 campaigns by the threat actor TeamPCP and the deployment of a new Miasma RAT variant. A significant attack on July 14, 2026, compromised AsyncAPI's GitHub repositories by exploiting unprotected pre-production branches in its CI/CD pipeline. This allowed attackers to bypass code reviews, steal credentials like NPM_TOKEN, and publish trojanized packages. The Miasma payload uses a multi-stage, obfuscated process, fetches a second stage from IPFS, and establishes persistence on compromised developer systems. The analysis highlights a strategic shift towards more sophisticated, systematic campaigns targeting software development lifecycles.
A new information-stealing malware for macOS, dubbed 'CrashStealer,' is actively being used in targeted attacks. The malware evades Apple's Gatekeeper by using a notarized installer and impersonates the legitimate 'CrashReporter.app' to trick users into entering their system password. Once obtained, CrashStealer unlocks the macOS Keychain to steal saved passwords, browser credentials, and data from dozens of cryptocurrency wallet applications. The campaign appears highly targeted, with distribution from a PIN-protected website.
TeamPCP — el grupo detrás del ataque a Trivy — lanzó CanisterWorm, un gusano npm que se auto-propaga por 135 paquetes usando tokens robados y un C2 en blockchain imposible de derribar.