Tag: credential stealing
5 articles

Miasma Worm Source Code Leaked, Threatens Open-Source Ecosystem
The Miasma worm's source code leak is a game-changer, putting the entire open-source ecosystem at risk after already infiltrating 73 Microsoft repositories on GitHub. This credential-stealing attack framework operates autonomously, spreading rapidly by infecting developer machines and compromising legitimate repositories.

GitHub Tags Exploited to Deploy Credential-Stealing Malware
Malicious actors have manipulated hundreds of GitHub tags to spread credential-stealing malware through popular Laravel Lang localization packages, putting countless users at risk. By rewriting historical tags, attackers tricked Composer installations into downloading the malicious payload.

Grafana Breach Exposes Missed Security Step After TanStack Attack
A single misstep in Grafana's security protocol allowed attackers to gain access to its GitHub repositories, following a supply-chain incident involving malicious TanStack packages. A missed GitHub workflow token proved to be the key that enabled the breach.

Node-ipc Package Infected with Credential-Stealing Malware
A malicious update to the widely-used node-ipc library has infected thousands of projects with credential-stealing malware, posing a significant supply-chain risk for developer environments and CI systems. With over 690,000 weekly downloads, this single compromised library could be exfiltrating sensitive data from countless unsuspecting users.

CPUID Website Compromised, Serves Malware via HWMonitor Downloads
For six hours, unsuspecting visitors to the CPUID website were put at risk of having their passwords stolen when malicious malware was served in place of the HWMonitor tool they were trying to download. This alarming security breach highlights the vulnerability even trusted sites can have, leaving users to wonder if their sensitive information is safe.