12 matches found
Malicious code in @mlspace/allocations (npm)
Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...
Malicious code in puan4 (PyPI)
Source: kam193 6be2e7028440f68ad3621664d195d72288e6a1d8658f16a421f3ec52d63d6f7a. During import, package automatically starts a connection to a C2 server, exfiltrates information about the host and data like sensitive files and browsers' dat...
PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign
Cybersecurity researchers have shed light on the inner workings of a botnet malware called PolarEdge. Sekoia first documented PolarEdge in February 2025, attributing it to a campaign targeting routers from Cisco, ASUS, QNAP, and Synology with the goal of corralling them into a network for ...
Interesting WordPress Malware Disguised as Legitimate Anti-Malware Plugin
📢 In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. The Wordfence Threat Intelligence team recently discovered an interestin...
SupremeBot and Mario cross the finish line together
Researchers have reported how popular game installers like Super Mario Games are being used to deliver malware. The malicious components include cryptominers, the SupremeBot mining client, and the open-source Umbral stealer. The game installer route offers some very distinct advantages to the...
SNIcat - Server Name Indication Concatenator
SNIcat is a proof-of-concept tool that performs data exfiltration using a covert channel via Server Name Indication, a TLS Client Hello extension. The tool consists of an agent which resides on the compromised internal host, and a Command & Control Server which controls the agent and...
npm-script-demo is malware
The npm-script-demo package is a piece of malware that opens a connection to a command and control server and executes the instructions it is given. It has been removed from the npm registry. Recommendation: Any computer that has this package installed or running should be considered fully...
CB TAU Threat Intelligence Notification: Email VBS Downloader Connects to C2 Server, Downloads Trickbot Payload
Carbon Black recently learned a customer had received a malicious email with an attached zip file containing a malicious VBS script file. This malicious VBS downloader will connect to a Command & Control server and then download a malicious payload which contains Trickbot onto the victim’s...
Gaza Cybergang Returns With New Attacks On Palestinian Authority
Security researchers from Check Point Threat Intelligence Team have discovered the comeback of an APT (advanced persistent threat) surveillance group targeting institutions across the Middle East, specifically the Palestinian Authority. The attack, dubbed "Big Bang," begins with a phishing email se...
bfcommand & control server 1.22/2.0/2.14 manager Multiple Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/14690/info BFCC and BFVCC server managers are vulnerable to multiple remote vulnerabilities. The first two issues are login bypass vulnerabilities. These issues allow remote, anonymous attackers to gain access to the...
Cross-platform Trojan : Mac, Windows, Linux - Nothing safe !
Security researchers working for F-Secure have found a web exploit that detects the operating system of the computer and drops a different trojan to match. The attack was first seen on a Colombian transport website which had been hacked by a third party. This malware is known as GetShell.A and...
DUQU – Another Stuxnet in the Making ?
Article by: Nidhi Rastogi, a cyber security professional based in New York. Article shared from THE HACKER NEWS magazine - November Edition. You can download Complete Magazine here. Barely a year into discovering Stuxnet, the world recently saw its powerf...