GitHub Tags Exploited to Deploy Credential-Stealing Malware

Malicious actors have manipulated hundreds of GitHub tags to spread credential-stealing malware through popular Laravel Lang localization packages, putting countless users at risk. By rewriting historical tags, attackers tricked Composer installations into downloading the malicious payload.

https://osintsights.com/github-tags-exploited-to-deploy-credential-stealing-malware?utm_source=mastodon&utm_medium=social

#MalwareOperations #CredentialStealing #Github #Composer #Laravel

Node-ipc Package Infected with Credential-Stealing Malware

A malicious update to the widely-used node-ipc library has infected thousands of projects with credential-stealing malware, posing a significant supply-chain risk for developer environments and CI systems. With over 690,000 weekly downloads, this single compromised library could be exfiltrating sensitive data from countless unsuspecting users.

https://osintsights.com/node-ipc-package-infected-with-credential-stealing-malware?utm_source=mastodon&utm_medium=social

#SupplyChain #CredentialStealing #Malware #Nodeipc #Npm

CPUID Website Compromised, Serves Malware via HWMonitor Downloads

For six hours, unsuspecting visitors to the CPUID website were put at risk of having their passwords stolen when malicious malware was served in place of the HWMonitor tool they were trying to download. This alarming security breach highlights the vulnerability even trusted sites can have, leaving users to wonder if their…

https://osintsights.com/cpuid-website-compromised-serves-malware-via-hwmonitor-downloads?utm_source=mastodon&utm_medium=social

#SupplyChainAttack #MalwareOperations #CredentialStealing #Hwmonitor #Cpuid

This morning I will be downloading a copy of one of our DCs so that I can try and break it 😈

#security #Zerologon #credentialstealing