Fake Codex Remote UI Steals OpenAI Auth Tokens
A newly uncovered supply chain attack is leveraging a legitimate-looking developer tool, codexui-android, to silently steal OpenAI Codex authentication token...
Malware
20 articles
MicrosoftSystem64 Malware Abuses Hugging Face for Stealthy Data Theft
A sophisticated supply chain attack targeting the npm ecosystem has been uncovered, involving a malicious package named js-logger-pack that evolved into a po...
The behavioral signals that sharpen Trojan malware detection
Malware analysts spend a lot of time deciding which signals from a sandbox run are worth keeping. A sample executed in a controlled environment can generate ...
GreyVibe hackers use ChatGPT, Gemini to power cyberattacks
A likely Russian threat cluster tracked as GreyVibe has been targeting Ukrainian entities with AI-generated lures and a rich set of custom malware tools. [.
Zapier fixes bug chain that researchers say risked widespread account takeover
Security researchers chained together five separate weaknesses in the popular workflow automation service Zapier that, if first discovered by a malicious act...
AI-Generated npm Malware Leaks Hacker’s Private GitHub Token
A newly discovered malicious npm package is drawing attention across the cybersecurity community after inadvertently exposing its own operator’s private GitH...
Hackers Host JS Malware on GHOSTYNETWORKS and OMEGATECH
Hackers are abusing two bulletproof hosting providers, GHOSTYNETWORKS and OMEGATECH, to run a global JavaScript (JS) malware infrastructure that powers large...
Employees are unknowingly inviting tech support impersonators into firms, says FBI
Online or telephone IT support scams have been tricking employees into downloading or clicking on malware for years. But according to the FBI, one group that...
Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users
Latin America and Europe become the target of two banking trojan campaigns that are designed to infect Windows and Android devices with Grandoreiro and BTMOB...
BTMOB Android RAT poses significant threat with easy-to-use builder
First identified in February 2025, BTMOB evolved from the SpySolr malware.
CrowdStrike, Google Take Down Glassworm Botnet
Operators of the malicious Glassworm botnet have been targeting software developers since at least early 2025
Fake ChatGPT and Claude installers on GitHub are dropping Deno RAT malware
Attackers are hosting counterfeit installers and plugins on GitHub and SourceForge that pose as widely used software, including ChatGPT, Claude, AutoTune, Ko...
BTMOB Malware Allows Cybercriminals to Remotely Hijack Android Phones
A newly observed Android malware strain, known as BTMOB, is raising concerns among cybersecurity researchers due to its powerful remote access capabilities a...
GlassWorm Botnet Disrupted
Security firms took down all four command-and-control (C&C) channels used by the GlassWorm malware. The post GlassWorm Botnet Disrupted appeared first on Sec...
Trojanized Gemini and Claude Installers Target Developers Via SEO Poisoning
Cybercriminals are using SEO poisoning and fake Gemini and Claude installer sites to infect developers with fileless malware and steal data.
North Korea's Lazarus Group uses new RemotePE malware against financial targets
RemotePE is deployed through a multi-stage attack chain involving two loaders, DPAPILoader and RemotePELoader.
Malware Found in Laravel-Lang Composer Packages After Git Tag Poisoning Attack
Attackers have poisoned four Laravel-Lang Composer packages by rewriting hundreds of Git tags, putting many Laravel apps at risk. Hackers compromised four po...
Disrupting Glassworm: Inside CrowdStrike’s Takedown of a Developer-Targeting Botnet
FBI Chief Kash Patel’s Clothing Store Hacked in ClickFix Infostealer Attack
Hackers compromised FBI Chief Kash Patel’s clothing store in a ClickFix attack that tricked macOS users into installing infostealer malware.
Laravel-Lang Packages Poisoned for Malware Delivery
Published within a 15-minute window, the malicious tags introduced backdoors to exfiltrate CI secrets. The post Laravel-Lang Packages Poisoned for Malware De...