Articles tagged "Malware"

Found 634 articles

On July 14, researchers from OX Security revealed that several AsyncAPI npm packages were compromised, leading to the injection of malware capable of stealing information, stealing cryptocurrency, and allowing remote access to infected systems. The packages affected include @asyncapi/generator version 3.3.1 and @asyncapi/generator-components version 0.7.1, which collectively have over 2 million downloads each week. This incident poses significant risks to developers and organizations using these packages, as the malicious code could potentially lead to severe data breaches and financial losses. Users of these packages are urged to take immediate action to secure their systems and avoid using the compromised versions. The discovery of this attack underscores the vulnerabilities present in the npm ecosystem and the importance of maintaining vigilance against supply chain attacks.

Read Original

Kaspersky's GReAT team has identified a new malware framework called OkoBot that specifically targets cryptocurrency users. This sophisticated malware utilizes a component known as TookPS to steal sensitive information, such as seed phrases, and monitor activities on Chromium-based browsers. Additionally, OkoBot can install various types of malware, including the Rilide stealer, which further compromises users' security. This threat is particularly concerning for those involved in cryptocurrency transactions, as it can lead to significant financial losses and privacy violations. Users need to be vigilant and consider enhancing their security measures to protect against these evolving threats.

Read Original

Recent findings reveal that four npm packages associated with the @asyncapi namespace have been compromised to distribute a multi-stage botnet loader. The affected packages include @asyncapi/generator-helpers version 1.1.1, @asyncapi/generator-components version 0.7.1, @asyncapi/generator version 3.3.1, and specific versions of @asyncapi/specs (v6.11.2 and v6.11.2-alpha.1). This incident is significant as it exposes users of these libraries to potential malware infections, which could lead to broader security issues. Developers and organizations utilizing these packages should take immediate action to assess their systems for any unauthorized changes and consider removing the compromised packages until updates are available. This situation underscores the risks associated with open-source package management and the importance of vigilance in software supply chain security.

Read Original
Actively Exploited

A new remote access Trojan (RAT) called LabubaRAT has been discovered, which poses a significant risk to users by disguising itself as NVIDIA's container runtime toolkit. The malware uses a file named 'nvidia-sysruntime.exe' to trick users into executing it, potentially leading to unauthorized access to their systems. This tactic of impersonation could mislead individuals and organizations, making it easier for attackers to infiltrate networks. Users of NVIDIA software, especially those involved in containerization or graphics processing, should be particularly cautious. The emergence of LabubaRAT serves as a reminder of the ongoing challenges in cybersecurity and the need for vigilance against such deceptive tactics.

Read Original
Actively Exploited

A threat actor has created nearly 300 fake GitHub repositories that mimic legitimate software and security projects to spread infostealer malware. This malware is designed to steal sensitive information from users who mistakenly download these malicious programs, thinking they are legitimate. Researchers discovered that these counterfeit repositories could easily deceive unsuspecting developers and users, leading to potential data breaches. The incident raises concerns about the security of open-source platforms like GitHub, where users often rely on repository authenticity to download software safely. Users and organizations need to be vigilant and verify the legitimacy of software before downloading to avoid falling victim to these types of attacks.

Read Original
Critical
Upwind Finds Coordinated Supply Chain Campaign Compromising Multiple AsyncAPI npm Packages

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

Researchers at Upwind have identified a coordinated supply chain attack that has compromised multiple AsyncAPI npm packages. This attack affects various repositories, publishing pipelines, and developer systems, putting many developers at risk. The compromised packages could potentially allow attackers to inject malicious code into applications that rely on these libraries, posing a significant threat to the integrity of software projects. Developers using these AsyncAPI packages should be vigilant and assess their systems for any signs of compromise. This incident serves as a reminder of the vulnerabilities within software supply chains and the need for enhanced security measures.

Read Original

A new attack method is being rented out on a large scale, posing challenges for cybersecurity defenses. This particular technique manages to bypass traditional antivirus (AV) and endpoint detection and response (EDR) solutions, making it difficult for organizations to detect. Researchers suggest that the most effective way to identify this threat is through YARA analysis. This situation raises concerns for companies relying on standard security measures, as it indicates a shift in how attackers are approaching their targets. Organizations should consider updating their detection strategies to include YARA rules to improve their defenses against this emerging threat.

Read Original
Actively Exploited

CISA has issued a warning about active exploitation of several vulnerabilities in on-premises SharePoint Server instances, specifically CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164. These vulnerabilities allow attackers to execute remote code and potentially steal sensitive data from affected systems. All supported versions of SharePoint Server, including the Subscription Edition, 2019, and 2016, are at risk. Organizations are advised to monitor their SharePoint Servers for unusual activities and to apply the latest patches from Microsoft. Additional vulnerabilities have been identified but are not yet known to be exploited, emphasizing the need for prompt updates and hardening measures to prevent possible breaches.

Read Original

Nihon Kotsu, Japan's largest taxi company, experienced a significant disruption to its services due to a malware attack that occurred on July 11, 2026. The company reported unauthorized external access to its internal systems, leading to a temporary shutdown of dispatch and booking operations. This incident has affected thousands of customers relying on taxi services in Tokyo and surrounding areas. By taking immediate action to shut down their systems, Nihon Kotsu aimed to contain the malware and prevent further damage. The incident raises concerns about cybersecurity in the transportation sector, highlighting the vulnerabilities that can impact essential services and the need for robust security measures to protect against such attacks.

Read Original

A supply chain attack has compromised several versions of Jscrambler's NPM packages, introducing a credential-stealing malware that can operate across different platforms. Attackers manipulated the packages to deliver this malicious code, which can potentially impact users who have integrated these packages into their applications. This incident raises significant concerns for developers relying on third-party libraries, as it illustrates the vulnerabilities in package management systems. Users are urged to review their dependencies and ensure they are using secure versions of Jscrambler packages to mitigate the risk of credential theft. The situation emphasizes the need for stricter security measures in software development practices.

Read Original

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has taken action against a VPN service named First VPN Service (1VPNS) and two individuals for their involvement in supporting ransomware activities. This VPN is accused of providing tools that facilitate ransomware attacks, particularly targeting American users. The sanctions aim to disrupt the operations of cybercriminals who exploit such services to carry out malicious activities. The U.S. government is sending a strong message that it will hold accountable those who enable cybercrime, especially as ransomware attacks continue to pose significant risks to individuals and organizations. This development highlights the ongoing battle against cyber threats and the importance of regulatory measures to combat them.

Read Original

A recent study by JFrog revealed that 148 npm packages masqueraded as student proxy tools, turning users' browsers into a distributed denial-of-service (DDoS) botnet for about two weeks in May. These packages did not target developers but instead leveraged the npm registry to host a malicious proxy site, attracting students looking to bypass restrictions. Once installed, the packages allowed attackers to harness the computing power of visitors' browsers to launch DDoS attacks. This incident raises concerns about the security of open-source package repositories and highlights the potential risks for users who may unknowingly install compromised software. Developers and users alike need to be vigilant about the packages they choose to install to avoid becoming part of such attacks.

Read Original

The Argentine Football Association (AFA) experienced a security breach that was traced back to an infostealer infection nearly a year old. The incident came to light when mass emails were sent from AFA's legitimate domains, falsely accusing Egypt of having 'stolen' a win. This indicates that attackers may have gained control over AFA's email systems, potentially compromising sensitive information. The breach raises concerns about the security of sports organizations and the integrity of communications within such entities. It also highlights the ongoing risks posed by malware that can linger undetected for extended periods, allowing attackers to exploit the situation at will.

Read Original

A malicious version of the Jscrambler npm package has been discovered, which includes infostealer malware. This compromised package has been downloaded nearly 1,500 times by users, potentially exposing their systems to security risks. Jscrambler, a company that specializes in client-side web security, reported the incident, highlighting the importance of scrutinizing third-party packages before installation. The malware is designed to steal sensitive information, which could lead to further security breaches for those affected. Users and developers should be cautious and ensure they are using legitimate versions of software packages to avoid falling victim to such attacks.

Read Original

Researchers have identified a new malware targeting macOS systems called CrashStealer, designed to steal sensitive information from compromised devices. What sets CrashStealer apart from other malware is its use of native C++ for implementation, rather than the more common AppleScript or Objective-C methods. This malware can validate the victim's login password locally, making it harder to detect. The use of a notarized dropper allows it to bypass Apple's Gatekeeper security checks, increasing its chances of successfully infecting systems. Users of macOS should be cautious and ensure their devices are protected against such threats, as this malware can lead to significant data breaches.

Read Original
PreviousPage 2 of 43Next