MAL-2026-4174 Malicious code in durabletask (PyPI)

1.4.1, 1.4.2, and 1.4.3 of durabletask were compromised via a PyPI maintainer account takeover. All three malicious versions were published on 2026-05-19 within a 35-minute window 16:19–16:54 UTC. Pin to =1.4.0. Attack chain - Stage 1 — Import-time dropper: on import, the package fetches a...

Embedded Malicious Code

Overview durabletask is an A Durable Task Client SDK for Python Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a malicious payload. A malicious actor linked to the @antv appears to have compromised the GitHub account associated with the package and dumpe...

Omnistealer uses the blockchain to steal everything it can

A new infostealer dubbed Omnistealer is turning the blockchain into a permanent malware hosting platform, which is bad news for both companies and everyday users. It’s pretty common for malware to store its payload on a public platform, ideally one that adds some trustworthiness to the download...

Malicious code in logutilkit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 25a26f2dc6e0a8e2ba3bd43492fbffa597b39065e3f3378ea976dcabddf8fbf8 Malicious clone of a legitimate package. When using it, the code attempts to download and execute remote code. In on of the incarnations, the malicious code wa...

Malicious code in apachelicense (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9d96d45a87e117e72107d6d6dfbe8c4e94323323bc28ce9accd8ccba39a0a46c Malicious clone of legitimate "license" package. When using the findbykey function, the malicious code from strongly obfuscated files is loaded. It then at lea...

A week in security (February 23 – March 1)

Last week on Malwarebytes Labs: Public Google API keys can be used to expose Gemini AI data Inside a fake Google security check that becomes a browser RAT Fake Zoom and Google Meet scams install Teramind: A technical deep dive How to understand and avoid Advanced Persistent Threats The Conduent...

Password managers keep your passwords safe, unless…

I’m a big advocate of password managers. Granted, there are better alternatives for passwords like passkeys, but if a provider offers nothing but password options, which many do, you can’t do much about that. So, for the time being we seem to be stuck with passwords. Every reputable password...

On the Security of Password Managers

Good article on password managers that secretly have a backdoor. New research shows that these claims aren’t true in all cases, particularly when account recovery is in place or password managers are set to share vaults or organize users into groups. The researchers reverse-engineered or closely...

Researchers Demonstrate 27 Attacks Against Major Password Managers

Researchers demonstrate multiple attacks against major password managers, showing how compromised servers and design flaws can expose encrypted vault data...

Password Managers Share a Hidden Weakness

Plus: The cybersecurity community grapples with Epstein files revelations, the US State Department plans an online anti-censorship “portal” for the world, and more...

AI-generated passwords are a security risk

Using Artificial Intelligence AI to generate your passwords is a bad idea. It's likely to give that password to a criminal who can then use it in a dictionary attack—which is when an attacker runs through a prepared list of likely passwords words, phrases, patterns with automated tools until one ...

Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers

Zero Knowledge Encryption is a term widely used by vendors of cloud-based password managers. Although it has no strict technical meaning, the term conveys the idea that the server, who stores encrypted password vaults on behalf of users, is unable to learn anything about the contents of those...

Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers

A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions. "The attacks range in severity from integrity violations to the complete compromise of all vaults in an...

Multiple Password Managers Vulnerable to Clickjacking Attacks

Overview Browser-extension password managers, which autofill sensitive information on websites, can be exposed to various clickjacking attacks. These attacks exploit the trust relationship between a web page and the user-interface elements injected by the extension. Recent studies show that...

How Blind and Low-Vision Users Manage Their Passwords

Managing passwords securely and conveniently is still an open problem for many users. Existing research has examined users' password management strategies and identified pain points, such as security concerns, leading to insecure practices. We investigate how Blind and Low-Vision BLV users tackle...

⚡ Weekly Recap: Password Manager Flaws, Apple 0-Day, Hidden AI Prompts, In-the-Wild Exploits & More

Cybersecurity today moves at the pace of global politics. A single breach can ripple across supply chains, turn a software flaw into leverage, or shift who holds the upper hand. For leaders, this means defense isn't just a matter of firewalls and patches—it's about strategy. The strongest...

Clickjack attack steals password managers’ secrets

Sometimes it can seem as though everything's toxic online, and the latest good thing turned bad is here: Browser pop-ups that look like they're trying to help or authenticate you could be programmed to steal data from your password manager. To make matters worse, most browser extension-based...

SquareX Unveils Polymorphic Extensions that Morph Infostealers into Any Browser Extension – Password Managers, Wallets at Risk

Palo Alto, Singapore, 6th March 2025, CyberNewsWire...

U.S. Dept Of Defense: Subdomain takeover ██████

The subdomain █████ was found to be pointing to open-elb-prod-277276106.us-east-1.elb-amazonaws.com., and the domain elb-amazonaws.com was available for registration. This vulnerability could have been exploited to host unwanted content, receive email, and potentially execute cross-site scripting...

U.S. Dept Of Defense: Subdomain takeover ████████.mil

The subdomain ██████.mil was found to be pointing to a domain that is currently available for registration. This indicates a potential subdomain takeover vulnerability. The domain ████ was found to be unregistered and could have been used by an attacker to host unwanted or malicious content under...