ChocoPoC RAT Targets Researchers via Fake Exploit Repos
Malicious Python PoC repositories on GitHub deliver ChocoPoC RAT to security researchers. The trojan steals credentials and provides remote access via Mapbox dead drops.
24 articles tagged with "Supply Chain Attack"
Malicious Python PoC repositories on GitHub deliver ChocoPoC RAT to security researchers. The trojan steals credentials and provides remote access via Mapbox dead drops.
Attackers injected malicious JavaScript via a compromised vendor to drain $3 million in pUSD from Polymarket users. The prediction market giant pledges full refunds.
144 packages in the Mastra AI framework compromised via hijacked maintainer account. The malicious easy-day-js dependency deploys a crypto-stealing RAT affecting 1.1M weekly downloads.
Sophos discovered a cryptocurrency miner bundled with Hola Browser for Windows. The malware creates a Windows service, adds Defender exclusions, and mines when idle.
Malicious codexui-android npm package stole OpenAI refresh tokens from 29K developers. Mobile apps with 60K installs also compromised—revoke credentials now.
32+ Red Hat Cloud Services npm packages compromised with Mini Shai-Hulud credential-stealing malware. 80K weekly downloads affected—here's what developers need to know.
Daemon Tools, TanStack, and Nx Console all compromised via supply chain attacks. CVSS scores up to 9.5. CISA mandates federal remediation by June 10.
Supply chain attack deploys 34 malicious packages across npm, PyPI, and Crates.io to steal crypto wallets, SSH keys, and developer credentials. AI assistants weaponized.
Attackers seized control of node-ipc by re-registering the maintainer's expired email domain. Three malicious versions now harvest AWS, GCP, Azure keys and more.
Attackers exploited a CMS flaw on JDownloader's website to swap download links with trojanized installers. Windows users got a Python RAT; Linux users got root-persisted ELF binaries.
A typosquatted OpenAI repository on Hugging Face delivered Rust-based infostealer malware to Windows users, racking up 244K downloads before removal.
Kaspersky uncovered a supply chain attack on DAEMON Tools official website. Trojanized installers deployed QUIC RAT backdoors to thousands of systems, with a dozen government and manufacturing targets receiving advanced payloads.
Socket researchers identify 73 malicious VS Code extensions on Open VSX tied to GlassWorm campaign. Six already activated to deliver malware through native binaries and obfuscated JavaScript.
A malicious npm package hijacked Bitwarden CLI's publishing pipeline on April 22, harvesting credentials from 334 developers. Here's what happened.
Attackers compromised CPUID's website API for six hours, redirecting CPU-Z and HWMonitor downloads to trojanized installers that steal browser credentials using advanced evasion techniques.
AI startup Mercor confirms breach via LiteLLM supply chain attack. Lapsus$ claims 4TB stolen including candidate data, source code, and API keys. Meta pauses contracts.
Attackers compromised Nextend's update infrastructure to push a malicious Smart Slider 3 Pro version with four layers of backdoors. Here's who's affected and how to recover.
Attackers compromised the Axios npm package to deploy a cross-platform RAT targeting Windows, macOS, and Linux. Here's what happened and what you need to do.
TeamPCP compromised the popular telnyx Python SDK on PyPI, hiding credential-stealing malware inside WAV audio files. Versions 4.87.1 and 4.87.2 affected—downgrade immediately.
GlassWorm campaign expands across Open VSX, npm, and GitHub with invisible Unicode payloads and Solana-based C2. Developers urged to audit dependencies immediately.
GlassWorm supply chain attack spreads via 72 Open VSX extensions using invisible Unicode obfuscation. Targets crypto wallets, API tokens, and CI/CD pipelines.
Supply chain attack targets PHP developers via fake Laravel utilities containing encrypted RAT payload. The malware gains full access to database credentials and API keys.
Trend Micro finds 2,200+ malicious skills weaponizing AI agents to deploy AMOS. The campaign marks a shift from prompt injection to using AI as a trusted intermediary for malware delivery.
ReversingLabs caught StripeApi.Net typosquatting the official Stripe library. The package processed payments normally while exfiltrating API keys in the background.