Megalodon Malware Targets Developers With CI/CD Workflows On GitHub

An automated supply chain attack called Megalodon was launched to target developers on GitHub, infecting more than 5,000 repositories by injecting CI/CD workflows into GitHub Actions using unused accounts, aiming to steal session tokens, backend secrets, configuration files and build environments.

Pulse ID: 6a12fa57fe7d7e7f29dc57bb
Pulse Link: https://otx.alienvault.com/pulse/6a12fa57fe7d7e7f29dc57bb
Pulse Author: cryptocti
Created: 2026-05-24 13:17:11

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #GitHub #InfoSec #Malware #OTX #OpenThreatExchange #RAT #SupplyChain #bot #developers #cryptocti

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Android Malware Forces Hidden Premium Service Subscriptions

Pulse ID: 6a12dc1c3f49b8b35effd5b8
Pulse Link: https://otx.alienvault.com/pulse/6a12dc1c3f49b8b35effd5b8
Pulse Author: cryptocti
Created: 2026-05-24 11:08:12

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Android #CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #RCE #bot #cryptocti

SEO Poisoning Infostealer Campaign via Gemini CLI and Claude Code

Pulse ID: 6a123407891a0247298ffc64
Pulse Link: https://otx.alienvault.com/pulse/6a123407891a0247298ffc64
Pulse Author: cryptocti
Created: 2026-05-23 23:11:03

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #InfoStealer #OTX #OpenThreatExchange #SEOPoisoning #bot #cryptocti

Laravel-Lang Supply Chain Attack Enables Remote Code Execution

Pulse ID: 6a123448b3721c8f8883af50
Pulse Link: https://otx.alienvault.com/pulse/6a123448b3721c8f8883af50
Pulse Author: cryptocti
Created: 2026-05-23 23:12:08

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #OTX #OpenThreatExchange #RemoteCodeExecution #SupplyChain #bot #cryptocti

Enterprise Network Compromise via Exploitation of F5 Big IP Devices

Pulse ID: 6a11f707a0439431e41a3cca
Pulse Link: https://otx.alienvault.com/pulse/6a11f707a0439431e41a3cca
Pulse Author: cryptocti
Created: 2026-05-23 18:50:47

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #OTX #OpenThreatExchange #bot #cryptocti

SHADOW-WATER-063 Uses Fake NF-e Invoices to Spread Banana RAT Malware

Pulse ID: 6a11af11d3837cd2c57c3bc1
Pulse Link: https://otx.alienvault.com/pulse/6a11af11d3837cd2c57c3bc1
Pulse Author: cryptocti
Created: 2026-05-23 13:43:45

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Malware #OTX #OpenThreatExchange #RAT #bot #cryptocti

Attackers Compromise Art-template npm Packages to Target iOS Exploitation

The art-template npm package was compromised in a supply chain attack that injected malicious code into downstream applications. The campaign targeted iOS Safari users, using device fingerprinting and anti-analysis techniques to selectively deliver remote exploit modules via a command-and-control infrastructure, highlighting the risks of trust-based open-source ecosystems.

Pulse ID: 6a11ac399acb9a530240364c
Pulse Link: https://otx.alienvault.com/pulse/6a11ac399acb9a530240364c
Pulse Author: cryptocti
Created: 2026-05-23 13:31:37

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #NPM #OTX #OpenThreatExchange #RCE #Rust #Safari #SupplyChain #bot #iOS #cryptocti

DevilNFC Malware Targeting Android Users

DevilNFC is an Android-based malware capable of intercepting contactless card communications from infected devices. It can capture payment credentials and harvest user PINs, leading to unauthorized financial fraud and global ATM cash-outs.

Pulse ID: 6a10c14d9d3adc2c94f01b2c
Pulse Link: https://otx.alienvault.com/pulse/6a10c14d9d3adc2c94f01b2c
Pulse Author: cryptocti
Created: 2026-05-22 20:49:17

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Android #CyberSecurity #FinancialFraud #InfoSec #Malware #OTX #OpenThreatExchange #RCE #bot #cryptocti

FoxTempest Malware Signing Abuse Campaign

Fox Tempest abused Microsoft’s signing infrastructure to issue trusted certificates for malware, enabling attackers to bypass security controls and distribute ransomware and stealers via fake software installers. The service impacted multiple sectors globally, including government, healthcare, finance and education, before being disrupted in 2026 by Microsoft through certificate revocation and infrastructure takedown.

Pulse ID: 6a10c1c488a7f300a313067e
Pulse Link: https://otx.alienvault.com/pulse/6a10c1c488a7f300a313067e
Pulse Author: cryptocti
Created: 2026-05-22 20:51:16

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Education #Government #Healthcare #InfoSec #Malware #Microsoft #OTX #OpenThreatExchange #RansomWare #Rust #bot #cryptocti

Blackfile’s Cloud Extortion Operations Target Organizations

Blackfile, officially tracked as UNC6671 by Google Threat Intelligence Group, terrorized global corporate cloud environments. The threat actor leveraged human engineering and technical exploitation to compromise over a dozen companies. UNC6671’s threat model exposes a serious security gap at corporations still relying on legacy MFA and weak cloud access monitoring.

Pulse ID: 6a10c2349f66a6cd67167619
Pulse Link: https://otx.alienvault.com/pulse/6a10c2349f66a6cd67167619
Pulse Author: cryptocti
Created: 2026-05-22 20:53:08

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cloud #CyberSecurity #Extortion #Google #InfoSec #MFA #OTX #OpenThreatExchange #RAT #bot #cryptocti
