VulnHub

Real-time Cybersecurity News

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 98

Security Affairs
Actively Exploited
Malware

Overview

Recent reports indicate that the popular npm package 'node-ipc' has been compromised with a credential-stealing malware. This incident affects developers who rely on this package for their applications, potentially exposing sensitive user information. Additionally, a new group called TeamPCP has emerged, deploying clones of the Shai-Hulud malware, which may pose further risks to various systems. Moreover, active supply chain attacks have targeted '@antv' packages on npm, putting more developers at risk. The compromised GitHub Action 'actions-cool/issues-helper' has also been found to redirect all tags to malicious endpoints, heightening concerns over the security of widely-used development tools. Developers and organizations should take immediate precautions to secure their environments and monitor for any unusual activity.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: node-ipc npm package, @antv packages on npm, actions-cool/issues-helper GitHub Action
  • Action Required: Developers should remove the compromised packages immediately and replace them with verified alternatives.
  • Timeline: Newly disclosed

Original Article Summary

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Popular node-ipc npm Package Infected with Credential Stealer New Actors Deploy Shai-Hulud Clones: TeamPCP Copycats Are Here Active Supply Chain Attack Compromises @antv Packages on npm actions-cool/issues-helper GitHub Action Compromised: All Tags Point to […]

Impact

node-ipc npm package, @antv packages on npm, actions-cool/issues-helper GitHub Action

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Developers should remove the compromised packages immediately and replace them with verified alternatives. Regularly audit dependencies and update all packages to their latest, secure versions. Implement monitoring for suspicious activities in development environments.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware.

Read Original Article

Related Coverage

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

BleepingComputer

A significant security vulnerability has been identified in Ghost CMS, specifically a SQL injection flaw labeled CVE-2026-26980. Attackers are exploiting this weakness to inject harmful JavaScript code, which activates ClickFix attack flows across numerous websites utilizing this content management system. This exploitation poses a serious risk to users by potentially compromising their data and functionality of affected sites. Ghost CMS users, particularly those running outdated versions, should take immediate action to secure their systems. This incident highlights the ongoing need for vigilance in web security and the importance of keeping software up to date.

May 24, 2026

Anthropic’s Project Glasswing: 10,000+ Vulnerabilities Found in One Month, and the Patching Problem Has Never Been More Obvious

Security Affairs

Anthropic's AI initiative, Project Glasswing, has identified over 10,000 serious vulnerabilities within just one month of operation. This alarming discovery exposes a significant gap in the ability of organizations to patch and manage these vulnerabilities effectively. The vulnerabilities range in severity from high to critical, raising concerns for companies and users who rely on the affected systems. As the number of vulnerabilities continues to grow, it becomes increasingly clear that many organizations struggle with timely patching and security management. This situation not only jeopardizes the security of sensitive data but also highlights the urgent need for improved cybersecurity practices across the industry.

May 24, 2026

Week in review: GitHub breached via poisoned VS Code extension, critical NGINX flaw exploited

Help Net Security

Last week, the hacking group TeamPCP claimed to have breached GitHub's internal codebase by using a poisoned Visual Studio Code (VS Code) extension. GitHub, owned by Microsoft, confirmed the breach and has since launched an investigation into how their private code repositories were compromised. This incident raises serious concerns about the security of development tools widely used by programmers. Moreover, researchers recently discovered a critical flaw in NGINX, a popular web server software, which is being actively exploited. These incidents highlight the ongoing vulnerabilities in essential software and the need for robust security measures to protect sensitive information.

May 24, 2026

Laravel Lang packages hijacked to deploy credential-stealing malware

BleepingComputer

A recent supply chain attack has compromised Laravel Lang localization packages, leading to the distribution of credential-stealing malware. Attackers exploited GitHub version tags to insert malicious code into Composer packages, which are widely used by developers for PHP applications. This incident puts numerous developers at risk, as the malicious packages can steal sensitive information such as login credentials. Those using affected Laravel Lang packages need to be vigilant and check their dependencies to ensure they are not using compromised versions. The attack raises concerns about the security of open-source software and the potential for similar incidents in the future.

May 23, 2026

Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes

BleepingComputer

Italian officials have taken action against the CINEMAGOAL app, a piracy tool that illegally provided access to popular streaming services like Netflix, Disney+, and Spotify. The app was reportedly using stolen authentication codes to bypass payment systems, allowing users to access content without subscriptions. This crackdown is significant as it not only protects the intellectual property rights of these streaming platforms but also highlights ongoing challenges in combating online piracy. By dismantling this network, authorities aim to deter similar activities in the future and safeguard legitimate services. The action is part of a broader effort to enforce copyright laws and ensure users are not misled into using illegal services.

May 23, 2026

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

The Hacker News

Anthropic announced that its Project Glasswing has identified over 10,000 high- or critical-severity vulnerabilities in widely-used software since its launch last month. This initiative involves collaboration with around 50 partners and focuses on software deemed systemically important on a global scale. These vulnerabilities pose significant risks to organizations and users relying on this software, potentially exposing them to data breaches or cyberattacks. The findings emphasize the urgent need for software developers and companies to address these flaws promptly to safeguard their systems and users. This proactive approach highlights the role of AI in enhancing cybersecurity efforts.

May 23, 2026