malicious

  • Blog

    Malicious Rspack, Vant packages published using stolen NPM tokens

    Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers. The supply chain attack, spotted by both Sonatype and Socket researchers, deployed the XMRig cryptocurrency miner on compromised systems for mining the hard-to-trace Monero privacy cryptocurrency. Additionally, Sonatype discovered that all three npm packages fell…

    Read More »
  • Blog

    Malicious ads push Lumma infostealer via fake CAPTCHA pages

    A large-scale malvertising campaign distributed the Lumma Stealer info-stealing malware through fake CAPTCHA verification pages that prompt users to run PowerShell commands to verify they are not a bot. The campaign leveraged the Monetag ad network to propagate over one million ad impressions daily across three thousand websites. The malicious operation, dubbed “DeceptionAds” by Guardio Labs and Infoblox researchers, is believed…

    Read More »
  • Blog

    OpenWrt Sysupgrade flaw let hackers push malicious firmware images

    A flaw in OpenWrt’s Attended Sysupgrade feature used to build custom, on-demand firmware images could have allowed for the distribution of malicious firmware packages. OpenWrt is a highly customizable, open-source, Linux-based operating system designed for embedded devices, particularly network devices like routers, access points, and other IoT hardware. The project is a popular alternative to a manufacturer’s firmware as it offers numerous…

    Read More »
  • Blog

    QR codes bypass browser isolation for malicious C2 communication

    Mandiant has identified a novel method to bypass browser isolation technology and achieve command-and-control operations through QR codes. Browser isolation is an increasingly popular security technology that routes all local web browser requests through remote web browsers hosted in a cloud environment or virtual machines. Any scripts or content on the visited web page is executed on the remote browser rather…

    Read More »
  • Blog

    New NachoVPN attack uses rogue VPN servers to install malicious updates

    A set of vulnerabilities dubbed “NachoVPN” allows rogue VPN servers to install malicious updates when unpatched Palo Alto and SonicWall SSL-VPN clients connect to them. AmberWolf security researchers found that threat actors can trick potential targets into connecting their SonicWall NetExtender and Palo Alto Networks GlobalProtect VPN clients to attacker-controlled VPN servers using malicious websites or documents in social engineering…

    Read More »
  • Blog

    GitHub projects targeted with malicious commits to frame researcher

    GitHub projects have been targeted with malicious commits and pull requests, in an attempt to inject backdoors into these projects. Most recently, the GitHub repository of Exo Labs, an AI and machine learning startup, was targeted in the attack, which has left many wondering about the attacker’s true intentions. ‘Innocent looking PR’ caught injecting backdoor On Tuesday, Alex Cheema, co-founder of EXO Labs warned everyone…

    Read More »
  • Blog

    Malicious PyPI package with 37,000 downloads steals AWS keys

    A malicious Python package named ‘fabrice’ has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers. According to application security company Socket, the package has been downloaded more than 37,000 times and executes platform-specific scripts for Windows and Linux. The large number of downloads is accounted by fabrice typosquatting the legitimate SSH remote server…

    Read More »
  • Blog

    Hackers are stepping up ‘qishing’ attacks by hiding malicious QR codes in PDF email attachments

    Hackers are refining their ‘qishing’ techniques by hiding malicious QR codes in PDF documents attached to emails impersonating major organizations. New research from Barracuda Networks highlighted the rapid evolution of qishing attacks – a social engineering technique that uses QR codes to redirect users to phishing pages – which has grown over the last three months. Threat intelligence researchers at…

    Read More »
Back to top button
close