Malware

TeamPCP Backdoors LiteLLM Versions 1.82.7 to 1.82.8 Through Trivy CI CD Supply Chain Compromise

A major supply chain attack campaign has emerged as TeamPCP, the threat actor behind previous Trivy and KICS compromises, has backdoored the popular Python package LiteLLM. Versions 1.82.7 and 1.82.8, released on March 24, 2026, contained a credential harvester, Kubernetes lateral movement toolkit, and a persistent systemd backdoor. Security vendors including Endor Labs and JFrog confirmed the malicious […]

Tax Themed Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR

A large-scale malvertising campaign has been identified targeting users searching for tax-related documents, leading to the deployment of remote access malware and advanced security evasion tools. The campaign, active since early 2026, was analyzed by Huntress, revealing how attackers are abusing online advertisements to distribute malicious software disguised as legitimate tax resources.

Malicious Ads Target Tax-Related

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

Cybersecurity researchers have uncovered an advanced phishing campaign targeting corporate environments, particularly French-speaking organizations, by distributing fake resumes that secretly deploy malware. The operation, tracked as FAUX#ELEVATE by Securonix, combines credential theft, data exfiltration, and cryptocurrency mining into a single highly efficient attack chain.

Malicious Resumes Disguised as Job Applications

The campaign begins with phishing emails containing what

Ghost Campaign Uses Seven Malicious npm Packages to Steal Crypto Wallets and Credentials

Cybersecurity researchers have uncovered a new threat campaign targeting developers through malicious npm packages designed to steal cryptocurrency wallets and sensitive system data. The operation, tracked as the Ghost campaign by ReversingLabs, highlights the growing risks within open-source ecosystems where attackers exploit developer trust.

Malicious Packages Masquerading as Legitimate Tools

The campaign involves several npm packages published under

North Korean Hackers Exploit VS Code Auto Run Tasks to Deploy StoatWaffle Malware

Cybersecurity experts have identified a sophisticated campaign by North Korean threat actors, tracked as WaterPlum, deploying a modular malware family known as StoatWaffle through malicious Microsoft Visual Studio Code (VS Code) projects. The campaign, dubbed Contagious Interview, targets developers and cryptocurrency professionals with social engineering tactics.

Auto-Execution via VS Code Tasks

The attackers leverage the tasks.json file
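The auto-run behaviour the excerpt refers to comes from a documented VS Code feature: a task in `.vscode/tasks.json` whose `runOptions.runOn` is set to `"folderOpen"` is started when the workspace is opened (whether it actually runs also depends on workspace trust and the editor's automatic-task setting). The scanner below is an added example, not code from the article or from the vendor report it summarizes; it walks a checkout, parses each `tasks.json` (which is JSON with comments, so a small JSONC stripper is included), and reports any task wired to `folderOpen`, noting when the task also hides its terminal output with `presentation.reveal: "never"`. The `SAMPLE_TASKS_JSON` document is constructed for the example and does not reproduce the campaign's actual payload.

```python
"""Flag VS Code tasks that run automatically when a folder is opened.

Added example; not from the original article. Relies only on the public
tasks.json schema: "runOptions": {"runOn": "folderOpen"} marks an
auto-run task, and "presentation": {"reveal": "never"} keeps its
terminal hidden. Sample input below is constructed, not a real payload.
"""
import json
import os
import re

AUTORUN_TRIGGER = "folderOpen"


def strip_jsonc(text: str) -> str:
    """Remove // and /* */ comments outside string literals, then trailing commas.

    VS Code accepts JSON-with-comments in tasks.json; json.loads does not.
    """
    out = []
    i, n = 0, len(text)
    in_str = False
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < n:      # keep escaped char verbatim
                out.append(text[i + 1])
                i += 2
                continue
            if c == '"':
                in_str = False
            i += 1
        elif c == '"':
            in_str = True
            out.append(c)
            i += 1
        elif text.startswith("//", i):
            j = text.find("\n", i)
            i = n if j == -1 else j
        elif text.startswith("/*", i):
            j = text.find("*/", i + 2)
            i = n if j == -1 else j + 2
        else:
            out.append(c)
            i += 1
    # trailing commas before a closing bracket/brace (not checked inside strings)
    return re.sub(r",(\s*[\]}])", r"\1", "".join(out))


def task_command(task: dict) -> str:
    """Flatten command + args, including per-OS overrides (linux/osx/windows)."""
    parts = []
    for scope in (task, task.get("linux") or {}, task.get("osx") or {}, task.get("windows") or {}):
        cmd = scope.get("command")
        if cmd:
            args = " ".join(str(a) for a in scope.get("args", []))
            parts.append((str(cmd) + " " + args).strip())
    return " | ".join(parts)


def find_autorun_tasks(tasks_json_text: str) -> list:
    """Return a finding dict for every task that starts on folder open."""
    doc = json.loads(strip_jsonc(tasks_json_text))
    findings = []
    for task in doc.get("tasks", []):
        run_on = (task.get("runOptions") or {}).get("runOn")
        if run_on != AUTORUN_TRIGGER:
            continue
        presentation = task.get("presentation") or {}
        findings.append({
            "label": task.get("label", "<unlabelled>"),
            "type": task.get("type", "<unspecified>"),
            "command": task_command(task),
            "hidden": presentation.get("reveal") == "never",
        })
    return findings


def scan_tree(root: str) -> dict:
    """Map every .vscode/tasks.json under root to its auto-run tasks (if any)."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) == ".vscode" and "tasks.json" in files:
            path = os.path.join(dirpath, "tasks.json")
            with open(path, encoding="utf-8") as fh:
                try:
                    hits = find_autorun_tasks(fh.read())
                except ValueError:
                    hits = []            # unparsable file: review by hand
            if hits:
                results[path] = hits
    return results


# Constructed sample: one ordinary build task, one auto-run task that hides
# its terminal and launches a script shipped inside the repository.
SAMPLE_TASKS_JSON = """{
  // constructed for this example
  "version": "2.0.0",
  "tasks": [
    { "label": "build", "type": "shell", "command": "npm run build", },
    {
      "label": "Install dependencies",
      "type": "shell",
      "command": "node",
      "args": ["-e", "require('child_process').execSync('sh ./.vscode/setup.sh')"],
      "runOptions": { "runOn": "folderOpen" },
      "presentation": { "reveal": "never" },
    }
  ]
}"""

if __name__ == "__main__":
    for hit in find_autorun_tasks(SAMPLE_TASKS_JSON):
        flag = " (terminal hidden)" if hit["hidden"] else ""
        print(f"AUTO-RUN task {hit['label']!r}{flag}: {hit['command']}")
```

Run `scan_tree(".")` over a freshly cloned project before opening it in the editor; any hit deserves reading the referenced script first, and a repository that legitimately needs an auto-run task should at least not be hiding its terminal.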

Microsoft Warns IRS Phishing Campaign Hits 29,000 Users and Deploys RMM Malware

Microsoft has issued a warning about a surge in phishing attacks exploiting the U.S. tax season, with cybercriminals targeting tens of thousands of users to steal sensitive data and deploy remote access malware. According to recent threat intelligence findings, attackers are leveraging tax-related themes to trick victims into engaging with malicious emails. These messages often

Trivy Hack Spreads Infostealer via Docker and Triggers Worm Alongside Kubernetes Wiper

A major cybersecurity incident involving the widely used Trivy vulnerability scanner has expanded significantly, with malicious components spreading across Docker environments and cloud-native infrastructures. Security researchers have confirmed that compromised versions of Trivy were distributed via Docker Hub, exposing developers and organizations to serious threats. This incident highlights the growing impact of software supply chain

Trivy Supply Chain Attack Spreads CanisterWorm Across 47 npm Packages

A large-scale supply chain attack targeting the widely used Trivy security scanner has escalated into a self-propagating malware campaign, infecting at least 47 npm packages with a newly identified worm known as CanisterWorm. Security researchers report that the attackers are likely continuing their operations beyond the initial compromise, expanding the infection across multiple software ecosystems

Google Introduces 24 Hour Delay for Unverified App Sideloading to Curb Malware and Scams

Google has unveiled a new security measure aimed at reducing malware infections and online scams on Android devices. The update introduces an “advanced flow” for sideloading apps, requiring users to wait 24 hours before installing applications from unverified developers. This move is designed to strengthen user protection while still preserving Android’s flexibility and openness. The

Speagle Malware Compromises Cobra DocGuard to Steal Data via Infected Servers

Cybersecurity experts have identified a newly discovered malware strain named Speagle, which abuses the features and infrastructure of a legitimate document security tool, Cobra DocGuard, to carry out covert data theft operations. According to a recent report by Symantec and Carbon Black researchers, the malware quietly collects sensitive data from infected systems and transfers it