Skip to main content

Tag: info stealer

3 articles

Developer workstation with laptop and terminal screens near npm package repository, indicating a software development…

Grafana Breach Exposes Missed Security Step After TanStack Attack

A single misstep in Grafana's security protocol allowed attackers to gain access to its GitHub repositories, following a supply-chain incident involving malicious TanStack packages. A missed GitHub workflow token proved to be the key that enabled the breach.

Analyst 207
Windows desktop with MSHTA process active, surrounded by blurred office equipment.

Microsoft Utility MSHTA Fuels Malware Surge via Lumma Stealer Campaigns

Malware campaigns are on the rise, fueled by the Microsoft Utility MSHTA, which is being exploited to spread info stealers like Lumma Stealer and Amatera. This sneaky tactic is just the latest example of how cybercriminals are abusing a long-standing Windows feature to wreak havoc.

Analyst 207
Laptop, smartphone, and notebook arranged on a desk in a tidy workspace.

Malicious Repo Exploits OpenAI Model to Deliver Info Stealer

A malicious repository disguised as OpenAI's legitimate Privacy Filter model racked up 244,000 downloads and became the #1 trending project on Hugging Face, but actually hid a sneaky Rust-based information stealer targeting Windows machines. The fake repository, Open-OSS/privacy-filter, expertly impersonated OpenAI's release, even copying the official model card to gain users' trust.

Analyst 207