VulnHub

Real-time Cybersecurity News

Vidar infostealer evolves, uses image files for stealthy attacks

SCM feed for Latest
Actively Exploited
Malware

Overview

The Vidar infostealer has adapted its tactics to launch stealthy attacks by using social engineering techniques. Recent campaigns have taken advantage of a leak related to Claude Code by creating fake GitHub repositories that trick users into downloading malicious payloads disguised as legitimate image files. This approach allows attackers to bypass some traditional security measures, making it harder for users to detect the threat. Those who download the infected files could have their personal data stolen, including sensitive information and credentials. As this method becomes more prevalent, users must be cautious about the sources of their downloads and verify the authenticity of repositories before accessing them.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Users downloading files from fake GitHub repositories
  • Action Required: Users should verify the authenticity of GitHub repositories and avoid downloading files from untrusted sources.
  • Timeline: Newly disclosed

Original Article Summary

The latest Vidar campaign leverages social engineering, exploiting a recent Claude Code leak by setting up fake GitHub repositories.

Impact

Users downloading files from fake GitHub repositories

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should verify the authenticity of GitHub repositories and avoid downloading files from untrusted sources.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware.

Read Original Article

Related Coverage

38 Vulnerabilities Found in OpenEMR Medical Software

SecurityWeek

A recent security assessment has identified 38 vulnerabilities in OpenEMR, a widely used medical software platform. Some of these vulnerabilities could allow attackers to access and modify sensitive patient information, raising significant concerns for healthcare providers that rely on this software to manage patient records. Given the critical nature of health data, these vulnerabilities pose a serious risk to patient privacy and safety. OpenEMR users, including medical practices and clinics, should take immediate action to secure their systems. The findings emphasize the need for regular security audits and timely updates to safeguard against potential breaches.

Apr 29, 2026

Cursor AI IDE vulnerability allows code execution via hidden Git hooks

Hackread – Cybersecurity News, Data Breaches, AI and More

Researchers at Novee have identified a serious vulnerability in Cursor AI, designated as CVE-2026-26268. This flaw could allow attackers to execute malicious code when developers clone repositories, potentially compromising their systems. The vulnerability is particularly concerning for those using Cursor AI in their development workflows, as it opens up a pathway for exploitation that could lead to data breaches or the introduction of harmful code. Developers and organizations using this integrated development environment should take immediate action to assess their systems for this vulnerability and understand the risks involved. Awareness and prompt remediation are crucial to maintaining security in software development processes.

Apr 29, 2026

Critical GitHub Vulnerability Exposed Millions of Repositories

SecurityWeek

A significant vulnerability, identified as CVE-2026-3854, has been discovered in GitHub.com and GitHub Enterprise Server, potentially allowing remote code execution. This flaw poses a risk to millions of repositories hosted on these platforms, which are widely used by developers and organizations for version control and collaboration. If exploited, attackers could execute arbitrary code, leading to unauthorized access and manipulation of sensitive codebases. The discovery emphasizes the need for users to remain vigilant and update their systems promptly to mitigate potential risks. GitHub has urged users to apply the latest patches to safeguard their repositories against this vulnerability.

Apr 29, 2026

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

The Hacker News

A serious SQL injection vulnerability, identified as CVE-2026-42208, has been discovered in BerriAI's LiteLLM Python package, with a high CVSS score of 9.3. Remarkably, this flaw has already been actively exploited within just 36 hours of its public disclosure. Attackers can use this vulnerability to modify the database underlying the application, posing significant risks to any systems using LiteLLM. Organizations that rely on this package need to act quickly to protect their data and systems from potential breaches. Users should remain vigilant and apply necessary updates or patches as soon as they are available to mitigate these risks.

Apr 29, 2026

The Exchange Online security controls organizations keep getting wrong

Help Net Security

In a recent interview, Scott Schnoll, a Microsoft MVP for Exchange, discussed common mistakes organizations make regarding security controls in Exchange Online. He emphasized the importance of understanding the Shared Responsibility Model, where Microsoft manages cloud security while organizations are responsible for their data and configurations. Schnoll pointed out that legacy protocols like SMTP AUTH often remain enabled due to dependencies on older systems, which can create vulnerabilities. He also identified critical controls that are frequently overlooked, such as Conditional Access and Privileged Identity Management (PIM), and noted the gaps in audit logs that can hinder effective monitoring. Organizations need to take immediate action to adjust default settings and implement better security practices to protect their environments.

Apr 29, 2026

FIDO Alliance wants to keep AI agents from going rogue on online payments

Help Net Security

The FIDO Alliance is taking steps to address the growing use of AI agents in online transactions, which are increasingly able to shop, log in, and perform tasks with minimal user input. This shift raises concerns about security and trust when AI acts on behalf of users. To tackle these issues, the Alliance has announced initiatives aimed at establishing shared standards for how AI agents authenticate themselves, follow user instructions, and conduct transactions. As AI becomes more integrated into everyday tasks, ensuring that these agents operate securely and as intended is crucial for protecting users and their financial information. The development of these standards is an important move in adapting to the evolving landscape of online payments and AI technology.

Apr 28, 2026