Poisoned Axios: npm Account Takeover, 50 Million Downloads, and a RAT That Vanishes After Install
On March 30-31, 2026, threat actors published two malicious versions of the popular HTTP library axios (versions 1.14.1 and...
On March 24, 2026, two malicious versions of LiteLLM – the popular AI/LLM proxy gateway present in roughly 36%...
Malicious LiteLLM versions linked to TeamPCP supply chain attack Pierluigi Paganini March 25, 2026 TeamPCP backdoored LiteLLM v1.82.7–1.82.8, likely via...
Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive...
Ravie Lakshmanan | Mar 23, 2026 | Cloud Security / DevOps | Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy...
Interpol – Operation Synergia III leads to 45,000 malicious IPs dismantled and 94 arrests worldwide Pierluigi Paganini March 14, 2026...
Ravie Lakshmanan | Mar 13, 2026 | Ransomware / Cybercrime | INTERPOL on Friday announced the takedown of 45,000 malicious IP addresses and servers used...
KadNap bot compromises 14,000+ devices to route malicious traffic Pierluigi Paganini March 11, 2026 KadNap malware infects 14,000+ edge devices,...
Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the...
Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan...
Two Google Chrome extensions have turned malicious after what appears to be a case of ownership transfer, offering attackers a...
Ravie Lakshmanan | Mar 04, 2026 | Threat Intelligence / Application Security | Cybersecurity researchers have flagged malicious Packagist PHP packages masquerading as Laravel utilities...
Ravie Lakshmanan | Feb 27, 2026 | Malware / Linux Security | Cybersecurity researchers have disclosed details of a malicious Go module that's designed to...
A "coordinated developer-targeting campaign" is using malicious repositories disguised as legitimate Next.js projects and technical assessments to trick victims into...
Ravie Lakshmanan | Feb 26, 2026 | Malware / Software Security | Cybersecurity researchers have disclosed details of a new malicious package discovered on the...