Latest IntelligenceThreat IntelligencePage 3
Search by keyword →
TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack
Over 400 malicious versions of 170 packages were published as part of the new Mini Shai-Hulud campaign. The post TanStack, Mistral AI, UiPath Hit in Fresh Suppl...
Magecart Hackers Abuse Google Tag Manager to Inject Credit Card Skimmers
Online shoppers have long been targets of digital theft, but a recent wave of attacks has raised the stakes in a troubling new way. Hackers tied to the notoriou...
84 TanStack npm Packages Hacked in Ongoing Supply-Chain Attack Targeting CI Credentials
A significant supply-chain compromise affecting 84 npm package artifacts across the TanStack namespace. The malicious versions, published to the npm registry at...
Trending Hugging Face Repo With 200k Downloads Executes Malware on Windows Machines
A popular artificial intelligence repository on Hugging Face was recently found hiding dangerous malware that targeted Windows users. The repository, named R...
Trending Hugging Face Repository With 200k Downloads Executes Malware on Windows Machines
A popular artificial intelligence repository on Hugging Face was recently found hiding dangerous malware that targeted Windows users. The repository, named R...
SailPoint Discloses GitHub Repository Hack
The incident occurred on April 20 and did not affect customer data in the company’s production and staging environments. The post SailPoint Discloses GitHub Rep...
Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack
A malicious version of the plugin was published to the Jenkins Marketplace late last week. The post Checkmarx Jenkins AST Plugin Compromised in Supply Chain Att...
macOS Malware Leverages Google Ads and Legitimate Claude.ai Shared Chats to Deliver Malware
Threat actors are executing a sophisticated malvertising campaign targeting macOS users via poisoned Google Ads and deceptive artificial intelligence applicatio...
Over 500 Organizations Hit in Years-Long Phishing Campaign
Victims span across the aviation, critical infrastructure, energy, logistics, public administration, and technology sectors. The post Over 500 Organizations Hit...
Fake Moustache Bypasses Age Verification System Raising Online Safety Act Concerns
A 12-year-old boy grabbed an eyebrow pencil, drew a moustache on his face, held it up to his screen, and was verified as 15 years old. That single moment, share...
New NWHStealer Delivery Chain Uses Bun Loader, Anti-VM Checks, and Encrypted C2
A new and evolving threat has caught the attention of cybersecurity researchers worldwide. A Windows-based information stealer known as NWHStealer has resurface...
Boost Security Raises $4 Million for SDLC Defense Platform
The company is expanding its platform’s capabilities with the acquisition of SecureIQx and Korbit.ai. The post Boost Security Raises $4 Million for SDLC Defense...
Chrome 148 Rolls Out With 127 Security Fixes
The fresh browser update resolves critical-severity integer overflow and use-after-free vulnerabilities. The post Chrome 148 Rolls Out With 127 Security Fixes a...
Vendor Says Daemon Tools Supply Chain Attack Contained
The software developer has identified the impacted systems, removed potentially compromised files, and validated installation packages. The post Vendor Says Dae...
Hackers Using Fake Claude AI Installer Pages to Trick Users Into Running Malware on Their Systems
Hackers are using convincing fake pages for Claude AI to trick users into running malware on their own systems. The campaign, known as “InstallFix” ...
AI Coding Agents Could Fuel Next Supply Chain Crisis
“TrustFall” attack shows how AI coding agents can be manipulated into launching stealthy supply chain compromises. The post AI Coding Agents Could Fuel Next Sup...
Scammers Use Short-Lived VoIP Numbers and Reuse Windows to Defeat Reputation-Based Blocking
Phone-based scams are evolving faster than most security filters can keep up with. Attackers are now leaning heavily on Voice over Internet Protocol (VoIP) numb...
Hackers Abuse Google Ads to Steal Users GoDaddy ManageWP login Credentials
Hackers are using fake Google ads to steal login credentials from ManageWP users, GoDaddy’s popular platform for managing WordPress websites from a single...
Malicious NuGet Packages Target Browser Credentials, SSH Keys, and Crypto Wallets
A fresh wave of malicious packages has been quietly spreading through the NuGet ecosystem, one of the most widely used registries in the .NET developer world. F...
Critical vm2 Node.js Library Vulnerabilities Enables Arbitrary Code Execution Attacks
VM2 has been hit by 11 critical vulnerabilities, putting countless applications that rely on it at risk of executing untrusted code. Affecting all versions up t...