Hackers are abusing Google’s DoubleClick domain to deliver a .NET-based RAT through targeted phishing emails. The attack chain uses dynamically personalized landing pages and process hollowing to evade detection, making it harder for security tools to flag malicious traffic.
Microsoft removed 73 GitHub repositories after the Miasma supply-chain worm compromised them to distribute password-stealing malware. All repos are restored, but the worm’s targeting of AI coding tools signals a new phase in supply-chain attacks.
A malware campaign targeting South Korea uses GitHub repositories as command-and-control servers, with malicious LNK files fetching PowerShell payloads and exfiltrating data through the developer platform.
Researchers ran static analysis tools on 658 leaked malware projects and found nearly 90% contained recognizable code weaknesses — including disabled TLS validation and shared vulnerable code fragments that defenders could exploit across multiple threat families.
The Shai-Hulud supply-chain campaign compromised 19 scientific PyPI packages (Dynamo, Spateo, CoolBox, U-FISH, and more) with malware that steals developer secrets — cloud keys, publishing tokens, SSH keys, and AI tool configs. The payload triggers on any Python invocation.
A new malware called IronWorm is spreading through npm by poisoning legitimate packages with a Rust-based stealer that uses stolen credentials to self-replicate. It deploys an eBPF rootkit and targets AI development credentials, making it one of the more sophisticated supply chain attacks in recent memory.
