216 matches found
Malicious Package
Overview @cloudplatform-single-spa/pangolin is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and...
Malicious Package
Overview @cloudplatform-single-spa/ml-inference-comfy-run is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview @cloudplatform-single-spa/ml-finetuning is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizatio...
Malicious Package
Overview @car-loans/close-flow-module is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview @cloudplatform-single-spa/vpc-endpoint is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...
Malicious Package
Overview @cloudplatform-single-spa/vmware-draas is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...
Fake software on GitHub and SourceForge distribute Deno RAT
During our threat hunting activities, we found fake installers and plugins impersonating popular software including ChatGPT, Claude, AutoTune, and Kontakt on GitHub and SourceForge distributing a Deno backdoor known as DinDoor. Attackers are using compromised YouTube channels to distribute links ...
MAL-2026-3609 Malicious code in forge-jsxy (npm)
forge-jsxy is a malicious npm package part of the same campaign as forge-jsx. It typosquats the name by appending a 'y' and carries an identical fake description 'Node.js integration layer for Autodesk Forge' to impersonate a legitimate Autodesk Forge SDK. The package is a fully-formed RAT deploy...
Malicious code in swampo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7b8e193e75e6ca7d387f21b53c251e6ee8791d9ec4ca3f37099e765415d36157 Multi-stage dropper. The "analytics" functionality fetches fake updates information that should contain the next URL. From it, a yet another URL is downloaded,...
MAL-2026-3031 Malicious code in swampo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7b8e193e75e6ca7d387f21b53c251e6ee8791d9ec4ca3f37099e765415d36157 Multi-stage dropper. The "analytics" functionality fetches fake updates information that should contain the next URL. From it, a yet another URL is downloaded,...
⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels are used to push...
Active HanGhost Loader Campaign Targets Enterprise Payment and Logistics Workflows
Active HanGhost Loader campaign targets enterprise payment and logistics workflows with fileless attacks, multi-stage execution, and stealthy malware delivery...
DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
Threat actors likely associated with the Democratic People's Republic of Korea DPRK have been observed using GitHub as command-and-control C2 infrastructure in multi-stage attacks targeting organizations in South Korea. The attack chain, per Fortinet FortiGuard Labs, involves obfuscated Windows...
SigCorr 0.1.0
SigCorr detects cross-protocol attack chains spanning SS7/MAP, Diameter S6a, and GTPv2-C interfaces in mobile core networks. It performs unified subscriber identity correlation across protocol boundaries to detect multi-stage attacks that single-interface monitors miss. It is written in Java 17 a...
CVE-2026-5586 zhongyu09 openchatbi Multi-stage Text2SQL Workflow sql injection
A vulnerability was determined in zhongyu09 openchatbi up to 0.2.1. The impacted element is an unknown function of the component Multi-stage Text2SQL Workflow. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been...
CVE-2026-26189
creationtimestamp| type| source ---|---|--- 2026-03-27 16:45:04+00:00| seen| https://www.acn.gov.it/portale/w/attacco-multistadio-alla-supply-chain-ci/cd-e-iniezione-di-codice-malevolo...
That “job brief” on Google Forms could infect your device
We've identified a campaign using business-related lures, such as job interviews, project briefs, and financial document, to distribute malware, including the PureHVNC Remote Access Trojan RAT. It's not the malware that's new, but how the attack starts. Instead of the usual phishing email or fake...
Copyright Lures Mask a Multi‑Stage PureLog Stealer Attack on Key Industries
We look into a stealthy multi‑stage attack campaign that delivers PureLog Stealer entirely in memory using encrypted, fileless techniques...
DeepStage: Learning Autonomous Defense Policies against Multi-Stage APT Campaigns
This paper presents DeepStage, a deep reinforcement learning DRL framework for adaptive, stage-aware defense against Advanced Persistent Threats APTs. The enterprise environment is modeled as a partially observable Markov decision process POMDP, where host provenance and network telemetry are fus...
Fileless Multi-Stage Remcos RAT: From Phishing to Memory-Resident Execution
Fileless Multi-Stage Remcos RAT: From Phishing to Memory-Resident Execution By Madhini Muralidharan · March 11, 2026 Traditional malware campaigns rely heavily on dropping executable files to disk—artifacts that defenders can scan, quarantine, and analyze with signature-based security tools. Mode...