VulnHub

A malicious Chrome extension named Crypto Copilot has been identified, capable of injecting hidden Solana transfer fees into swap transactions, redirecting funds to an attacker's wallet. This poses a significant threat to users engaging in cryptocurrency transactions on the Raydium platform, highlighting the need for vigilance against browser-based threats.

The RomCom malware has been distributed using a JavaScript loader called SocGholish, targeting a U.S.-based civil engineering company to deliver the Mythic Agent. This marks the first instance of RomCom being deployed via SocGholish, highlighting a significant development in the tactics of threat actors.

A new cybersecurity campaign is utilizing fake Windows update pop-ups on adult websites to trick users into executing malicious commands. This method combines ClickFix lures with phishing tactics, posing a significant risk to users who visit these sites.

The article discusses a new macOS malware chain attributed to FlexibleFerret, which employs staged scripts and a Go-based backdoor to steal user credentials and maintain persistent access to infected systems. This represents a significant cybersecurity threat to macOS users, emphasizing the need for heightened security measures against such sophisticated attacks.

ToddyCat, a threat actor, has developed a new tool called TCSectorCopy to steal Outlook emails and Microsoft 365 access tokens by exploiting the OAuth 2.0 authorization protocol through users' browsers. This poses a significant threat to corporate email security, as it allows unauthorized access to sensitive information outside the compromised infrastructure.

Cybersecurity researchers have identified a campaign that exploits Blender Foundation files to distribute StealC V2, a data-stealing malware. This operation has been ongoing for at least six months, posing significant risks to users who download infected .blend files from platforms like CGTrader.

The article reports on a new supply chain attack named 'Shai-Hulud' that has infected 640 NPM packages. This self-replicating worm poses a severe threat as it can erase home directory contents if it fails to propagate to additional repositories.

The new Shai-Hulud worm has infected numerous npm packages, significantly disrupting continuous integration and continuous deployment (CI/CD) workflows globally. This incident poses a serious threat to developers and organizations relying on npm for their software development processes.

The Shai-Hulud worm has emerged as a significant cybersecurity threat, infecting nearly 500 open-source packages and compromising over 26,000 GitHub repositories within a 24-hour period. This incident highlights the increasing automation and strength of self-replicating malware, raising concerns about the security of open-source software ecosystems.