Skip to main content

Tag: credentialexfiltration

4 articles

Shai-Hulud v2 Exclusive: Dangerous Spread Exposes Secrets

Shai-Hulud v2 Exclusive: Dangerous Spread Exposes Secrets

Shai‑Hulud’s second wave has jumped from npm into Maven, turning trusted packages into a secret‑stealing worm that probes CI and environment tokens and self‑replicates through dependencies. If you build or secure software, now’s the moment to rotate credentials, harden pipelines, and vet every dependency.

Analyst 207
Lazarus Group Exclusive Threat: Risky Malware Surge

Lazarus Group Exclusive Threat: Risky Malware Surge

Imagine calling tech support and accidentally inviting a nation‑state backdoor into your PC — researchers say North Korea‑linked Lazarus tools are now showing up in everyday tech‑support scams, handing criminals far more powerful, persistent malware. That makes it more important than ever for people and organizations to rethink who they trust and how they secure devices.

Analyst 207
self-replicating worm: Stunning Risk to Dev Supply Chains

self-replicating worm: Stunning Risk to Dev Supply Chains

A self-replicating worm has infected nearly 200 NPM packages, stealing developer tokens and publishing them to public GitHub repos so each install can expose even more credentials. If you use open-source dependencies, now’s the time to audit builds, rotate keys, and lock down your developer workflows before the next propagation wave hits.

Analyst 207
Trojanized Go module: Stunning Risky Credential Stealer

Trojanized Go module: Stunning Risky Credential Stealer

A trojanized Go module posing as an SSH testing tool was found quietly exfiltrating successful login IPs, usernames and passwords to a hard‑coded Telegram bot—proof that convenience in open‑source can hide dangerous supply‑chain risks. Audit and pin dependencies, verify modules, and monitor outbound traffic to stop silent credential leaks before they become breaches.

Analyst 207