Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malware through official releases and GitHub Actions.

BleepingComputer

GhostClaw expands beyond npm: GitHub repositories and AI workflows deliver macOS infostealer

Pulse ID: 69c1bf4a476f34783a7c6937
Pulse Link: https://otx.alienvault.com/pulse/69c1bf4a476f34783a7c6937
Pulse Author: Tr1sa111
Created: 2026-03-23 22:31:38

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #GitHub #InfoSec #InfoStealer #Mac #MacOS #NPM #OTX #OpenThreatExchange #bot #Tr1sa111

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Sophisticated macOS Infostealer known as MioLab

MioLab, also known as Nova, has surfaced as a highly sophisticated Malware-as-a-Service (MaaS) platform specifically targeting Apple users.

Pulse ID: 69c1af72ec1c62238c869b68
Pulse Link: https://otx.alienvault.com/pulse/69c1af72ec1c62238c869b68
Pulse Author: cryptocti
Created: 2026-03-23 21:24:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #InfoStealer #MaaS #Mac #MacOS #Malware #MalwareAsAService #OTX #OpenThreatExchange #bot #cryptocti


GhostClaw expands beyond npm: GitHub repositories and AI workflows deliver macOS infostealer

The GhostClaw malware campaign has expanded its distribution methods beyond npm packages to include GitHub repositories and AI-assisted development workflows. The attackers impersonate legitimate tools and utilize multi-stage payloads to steal credentials and retrieve additional malicious code. The infection chain involves executing shell commands, presenting fake authentication prompts, and establishing persistence. The campaign leverages both manual installation through README instructions and automated AI-assisted workflows. Multiple GitHub repositories have been identified, all communicating with a common command-and-control infrastructure. This shift in tactics allows the attackers to target a broader range of victims, including developers and users of AI-assisted coding tools.

Pulse ID: 69c10792a24c3b8eec93ad9c
Pulse Link: https://otx.alienvault.com/pulse/69c10792a24c3b8eec93ad9c
Pulse Author: AlienVault
Created: 2026-03-23 09:27:46

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #GitHub #ICS #InfoSec #InfoStealer #Mac #MacOS #Malware #NPM #OTX #OpenThreatExchange #bot #developers #AlienVault


Your digital identity could be for sale and you don't know it – #Infostealers

Infostealers are today the number one threat to users and businesses. They don't try to break your computer; they try to silently "clone" you in order to empty your accounts.

How do they work? They hide in software downloads, cracks or email attachments. Once inside, they steal:

  • Your passwords saved in the browser.
  • Your session cookies (they can get into your accounts without being asked for 2FA!).
  • Your cryptocurrency wallets and card data.

https://www.instagram.com/reel/DWMZ3puDC60/

3 golden tips to protect yourself:
1️⃣ Don't save passwords in the browser. Use a secure external password manager.
2️⃣ Clear your cookies regularly. An open session is an open door for the attacker.
3️⃣ Be careful what you download. Avoid "free" programs from unknown sites or software cracks.

Cybersecurity is not an option, it's a necessity. Don't make the criminals' job easy!

Have you ever received a suspicious login notice? Tell me in the comments and I'll help you.

#arielmcorg #ciberseguridad #CyberAwareness #infosertec #infostealer #PORTADA #ProteccionDeDatos #RADIOGEEK #SeguridadInformatica #tecnologia

VoidStealer: Debugging Chrome to Steal Its Secrets

VoidStealer is an emerging infostealer that employs a novel debugger-based Application-Bound Encryption (ABE) bypass technique. This method leverages hardware breakpoints to extract the v20_master_key directly from browser memory, requiring neither privilege escalation nor code injection. The technique involves attaching to the browser process as a debugger, setting breakpoints at strategic locations, and extracting the key when it's briefly present in plaintext. This approach offers a lower detection footprint compared to alternative bypass methods. The blog post dissects the technique step-by-step, from locating the target address for breakpoint placement to extracting the key. It also provides detection strategies for defenders, focusing on monitoring debugger attachments and suspicious browser memory reads.

Pulse ID: 69bd18a56a2163e596b86133
Pulse Link: https://otx.alienvault.com/pulse/69bd18a56a2163e596b86133
Pulse Author: AlienVault
Created: 2026-03-20 09:51:33

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Chrome #CodeInjection #CyberSecurity #Encryption #InfoSec #InfoStealer #OTX #OpenThreatExchange #RAT #bot #AlienVault


Widespread GitHub Actions Tag Compromise Exposes CI/CD Secrets

A new supply chain attack targeting Trivy has compromised 75 out of 76 version tags in the aquasecurity/trivy-action GitHub repository. The attacker force-pushed these tags to serve malicious payloads, effectively turning trusted version references into a distribution mechanism for an infostealer. The malicious code executes within GitHub Actions runners, targeting sensitive data in CI/CD environments. It harvests secrets from runner process memory and the filesystem, encrypts the collected data, and exfiltrates it to an attacker-controlled endpoint or a fallback GitHub-based channel. The attack's scope is significant, potentially affecting over 10,000 workflow files on GitHub referencing this action.

Pulse ID: 69bd18a7cc27dfdfaf6f56a4
Pulse Link: https://otx.alienvault.com/pulse/69bd18a7cc27dfdfaf6f56a4
Pulse Author: AlienVault
Created: 2026-03-20 09:51:35

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#ASEC #CyberSecurity #Endpoint #GitHub #InfoSec #InfoStealer #OTX #OpenThreatExchange #RAT #RCE #Rust #SupplyChain #Troll #bot #AlienVault

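Pinning actions to immutable commit SHAs instead of mutable tags is the standard mitigation for the tag force-push described above. The following Python check is added here as an example and is not part of the pulse or the Trivy project: it scans a workflow for `uses:` references that are not full-SHA pins. The sample workflow, the version tag and the all-zero SHA are constructed placeholders.

```python
import re

# Constructed placeholder SHA (40 zeros), not a real commit of any action.
PLACEHOLDER_SHA = "0" * 40

# Constructed sample workflow: a mutable tag, a branch reference, a full-SHA
# pin of the same action, and a local action. The tag "0.0.0" is a placeholder.
SAMPLE_WORKFLOW = f"""\
name: scan
on: [push]
jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Trivy (mutable tag)
        uses: aquasecurity/trivy-action@0.0.0
      - name: Run Trivy (branch ref)
        uses: aquasecurity/trivy-action@master
      - name: Run Trivy (pinned to a commit SHA)
        uses: aquasecurity/trivy-action@{PLACEHOLDER_SHA} # 0.0.0
      - uses: ./.github/actions/local-step
"""

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_ref(ref):
    """Return 'sha', 'local', 'docker' or 'mutable' for a uses: reference."""
    ref = ref.strip("\"'")
    if ref.startswith("./"):
        return "local"                 # action in the same repository
    if ref.startswith("docker://"):
        return "docker"                # container image reference
    if "@" not in ref:
        return "mutable"               # no ref: resolves to the default branch
    _, _, version = ref.rpartition("@")
    # Only a full 40-hex commit SHA cannot be silently re-pointed by a force-push.
    return "sha" if FULL_SHA_RE.match(version) else "mutable"


def find_unpinned(workflow_text):
    """Return [(line_no, ref)] for every action not pinned to a full commit SHA."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m and classify_ref(m.group(1)) == "mutable":
            findings.append((line_no, m.group(1).strip("\"'")))
    return findings


if __name__ == "__main__":
    for line_no, ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {ref} is not pinned to a commit SHA")
```

Run it over `.github/workflows/*.yml` in your repositories; every reported line is one a tag force-push could redirect.
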
@heiseonlineenglish that's basically #malware of the #InfoStealer kind.

What if the most important part of an attack happens long before the first alert appears? 🤔

One of the visuals in our latest DNS Threat Intelligence Report shows dormant infrastructure quietly sitting in place before it is later used for #infostealer activity. 💤

That is exactly the kind of pattern we will unpack in our #webinar on March 26th at 4PM CET. Join us and take a closer look at what #DNS can reveal before an attack becomes visible: https://register.gotowebinar.com/register/6261316752740343381?source=Sales+Promo

New Malware Targets Users of Cobra DocGuard Software

A novel and stealthy threat called Infostealer.Speagle has been discovered, hijacking the functionality of Cobra DocGuard, a legitimate security software. This malware collects sensitive information from infected computers and transmits it to a compromised Cobra DocGuard server, masking the data exfiltration as legitimate communications. Speagle specifically targets computers with Cobra DocGuard installed and has shown capabilities to search for documents related to Chinese ballistic missiles. The infection vector remains unknown, but there are indications of a possible supply chain attack. The malware collects system information, file listings, and browser data in multiple phases, using sophisticated techniques to evade detection and self-delete after completing its tasks.

Pulse ID: 69bbd7618524d177761d1941
Pulse Link: https://otx.alienvault.com/pulse/69bbd7618524d177761d1941
Pulse Author: AlienVault
Created: 2026-03-19 11:00:49

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Browser #Chinese #CyberSecurity #ELF #InfoSec #InfoStealer #Malware #OTX #OpenThreatExchange #RAT #SupplyChain #bot #AlienVault
