HTB-Machines-writeups

somdv3 — HTB Writeups Personal HackTheBox writeup repository...

linux-security-tools

Linux Security Tools Linux security tools, scanners, crackers...

Malware-As-A-Service Redefined: Why XWorm is outpacing every other RAT in the underground malware market

Malware-As-A-Service Redefined: Why XWorm is outpacing every other RAT in the underground malware market By Boggavarapu R S S Srinivas Gupta and Ravishankar N C · March 12, 2026 Introduction In the evolving landscape of cybercrime, threat actors are constantly pursuing the "perfect" weapon: malwa...

Goodbye, dark Telegram: Blocks are pushing the underground out

Telegram has won over users worldwide, and cybercriminals are no exception. While the average user chooses a messaging app based on convenience, user experience and stability and perhaps, cool stickers, cybercriminals evaluate platforms through a different lens. When it comes to anonymity, privac...

From Extortion to E-commerce: How Ransomware Groups Turn Breaches into Bidding Wars

Ransomware has evolved from simple digital extortion into a structured, profit-driven criminal enterprise. Over time, it has led to the development of a complex ecosystem where stolen data is not only leveraged for ransom, but also sold to the highest bidder. This trend first gained traction in...

Unleashing the Kraken ransomware group

In August 2025, Cisco Talos observed big-game hunting and double extortion attacks carried out by Kraken, a Russian-speaking group that has emerged from the remnants of the HelloKitty ransomware cartel. Talos observed in one intrusion that the Kraken actor exploited Server Message Block SMB...

EUVD-2025-101257

Malicious code in undergroundcaribouz3n npm...

EUVD-2025-101255

Malicious code in undergroundzebraz3n npm...

EUVD-2025-94447

Malicious code in undergroundswiftz3n npm...

EUVD-2025-94448

Malicious code in undergroundpythonz3n npm...

Malicious code in underground_antlion_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 558d7b46526e15f9c729f7348664f29ea327159826ab2f4a61df14cc56cd9237 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-110060 Malicious code in underground_nightingale_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3e33d931d20ac0273b0c753ed28966cde036315dd179cbf30c273054550e4c4b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-80214

Malicious code in undergroundstingray0xrequest npm...

MAL-2025-110062 Malicious code in underground_stingray_0xrequest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 790a35cc93c5647c63b9d1dbc9ffb16534141d4711d4a82c8e946e3cd534fd94 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-98978 Malicious code in underground_ape_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 405f5cc1c93ed09f74189cd2067333a2ad5905e18b64d0a8d243f36a3b5b5804 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-71312

Malicious code in undergroundapez3n npm...

EUVD-2025-73181

Malicious code in undergroundsnailz3n npm...

EUVD-2025-73184

Malicious code in undergroundeaglez3n npm...

EUVD-2025-73180

Malicious code in undergroundwildebeestz3n npm...

EUVD-2025-73182

Malicious code in undergroundponyrequirement npm...