⚠️ CRITICAL: CVE-2026-6555 in ProSolution WP Client (≤2.0.0) lets unauthenticated attackers upload malicious files via multi-file upload flaw — leading to remote code execution. No patch yet; disable plugin or block uploads. https://radar.offseq.com/threat/cve-2026-6555-cwe-434-unrestricted-upload-of-file--b1cfbc06 #OffSeq #WordPress #RCE

Copycat hits another npm package

A Shai-Hulud copycat worm has infected the npm package chalk-tempalte, appearing just five days after the original worm was open-sourced by its creators. The same threat actor also published three additional malicious npm packages containing infostealer code: @deadcode09284814/axios-util, axois-utils, and color-style-utils. These packages collectively received 2,678 weekly downloads and contain various malicious capabilities including credential theft, cryptocurrency wallet exfiltration, cloud configuration harvesting, and DDoS botnet functionality. The malware exfiltrates stolen data to remote command-and-control servers and uploads credentials to GitHub repositories. Researchers indicate the attacker operates from a home computer or local server farm and appears financially motivated, targeting victims' cryptocurrency assets while potentially offering DDoS-as-a-service capabilities.

Pulse ID: 6a0b921d3574a6ef2eca8d47
Pulse Link: https://otx.alienvault.com/pulse/6a0b921d3574a6ef2eca8d47
Pulse Author: AlienVault
Created: 2026-05-18 22:26:37

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cloud #CyberSecurity #DDoS #DoS #GitHub #InfoSec #InfoStealer #Malware #NPM #OTX #OpenThreatExchange #RAT #RCE #Worm #bot #botnet #cryptocurrency #iOS #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Cato CTRL Threat Research: Suspected China-Linked Threat Actor Targets Global Manufacturer with Undocumented TencShell Malware

In April 2026, Cato CTRL identified and blocked an attempted intrusion against a global manufacturing customer involving TencShell, a previously undocumented, Go-based implant derived from the open-source Rshell C2 framework. The activity appeared in traffic associated with a third-party user connected to the customer environment.

Pulse ID: 6a0b6747345498a268db0263
Pulse Link: https://otx.alienvault.com/pulse/6a0b6747345498a268db0263
Pulse Author: AlienVault
Created: 2026-05-18 19:23:51

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#China #CyberSecurity #InfoSec #Malware #Manufacturing #OTX #OpenThreatExchange #RCE #bot #AlienVault

Upgrade immediately.

#NextJs: 15.5.18, 16.2.6

#React: 19.0.6, 19.1.7, 19.2.6 for the react-server-dom-parcel, react-server-dom-webpack and react-server-dom-turbopack packages

https://vercel.com/changelog/next-js-may-2026-security-release

Vulnerability:

- Middleware and proxy bypass
- Denial of service
- Server-side request forgery
- Cache poisoning
- Cross-site scripting

#Vercel #CVE #RCE #JS #NPM #AI #Security #Vulnerability #AISlop

Next.js May 2026 security release - Vercel

Next.js 15.5.18 and 16.2.6 patch 13 security advisories covering middleware bypass, denial of service, SSRF, cache poisoning, and cross-site scripting.

Vercel

Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files

Pulse ID: 6a0ab6894e0fcb58e1a56bd0
Pulse Link: https://otx.alienvault.com/pulse/6a0ab6894e0fcb58e1a56bd0
Pulse Author: Tr1sa111
Created: 2026-05-18 06:49:45

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #ICS #InfoSec #OTX #OpenThreatExchange #RCE #bot #Tr1sa111

Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files

Pulse ID: 6a0ab6942ce25e7ca5b9ed54
Pulse Link: https://otx.alienvault.com/pulse/6a0ab6942ce25e7ca5b9ed54
Pulse Author: Tr1sa111
Created: 2026-05-18 06:49:56

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #ICS #InfoSec #OTX #OpenThreatExchange #RCE #bot #Tr1sa111

Gremlin Stealer's Evolved Tactics: Hiding in Plain Sight With Resource Files

Pulse ID: 6a0ab698394234e08ec70977
Pulse Link: https://otx.alienvault.com/pulse/6a0ab698394234e08ec70977
Pulse Author: Tr1sa111
Created: 2026-05-18 06:50:00

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #ICS #InfoSec #OTX #OpenThreatExchange #RCE #bot #Tr1sa111

🚨 Claw Chain: 4 vulnerabilities in OpenClaw allow takeover of control

A chain of four vulnerabilities in the OpenClaw platform has been disclosed, allowing data theft and backdoor installation. We recommend updating immediately to version 2026.4.22.

https://cyberowi.pl/claw-chain-4-luki-w-openclaw-pozwalaja-na-przejecie-kontroli/

#openclaw #clawchain #cve202644112 #rce

#cyberbezpieczenstwo

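Vulnerability CVE-2026-7411

An improper path normalization vulnerability (CVE-2026-7411) has been found in the Submodel HTTP API of Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10. An unauthenticated remote attacker can use a maliciously crafted fileName parameter to perform a path traversal attack and write arbitrary files to the server file system, enabling remote code execution (RCE) and full system compromise. With a network attack vector, low attack complexity and no privileges required, this vulnerability carries a critical CVSS score of 10. Developers of AI infrastructure and services that use this SDK should update to a fixed version and apply security patches immediately.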

https://db.gcve.eu/vuln/cve-2026-7411

#security #cve #pathtraversal #rce #eclipse

Vulnerability-Lookup

Vulnerability-Lookup - Fast vulnerability lookup correlation from different sources.

🚨 CVE-2026-45035 (CRITICAL, CVSS 9.4): Tabby < 1.0.233 exposes users to RCE via tabby:// links. Any click can run OS commands with user privileges. Patch to 1.0.233+ ASAP! https://radar.offseq.com/threat/cve-2026-45035-cwe-78-improper-neutralization-of-s-e1b4240b #OffSeq #RCE #Tabby #Vuln