Copycat hits another npm package

A Shai-Hulud copycat worm has infected the npm package chalk-tempalte, appearing just five days after the original worm was open-sourced by its creators. The same threat actor also published three additional malicious npm packages containing infostealer code: @deadcode09284814/axios-util, axois-utils, and color-style-utils. These packages collectively received 2,678 weekly downloads and contain various malicious capabilities including credential theft, cryptocurrency wallet exfiltration, cloud configuration harvesting, and DDoS botnet functionality. The malware exfiltrates stolen data to remote command-and-control servers and uploads credentials to GitHub repositories. Researchers indicate the attacker operates from a home computer or local server farm and appears financially motivated, targeting victims' cryptocurrency assets while potentially offering DDoS-as-a-service capabilities.

Pulse ID: 6a0b921d3574a6ef2eca8d47
Pulse Link: https://otx.alienvault.com/pulse/6a0b921d3574a6ef2eca8d47
Pulse Author: AlienVault
Created: 2026-05-18 22:26:37

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cloud #CyberSecurity #DDoS #DoS #GitHub #InfoSec #InfoStealer #Malware #NPM #OTX #OpenThreatExchange #RAT #RCE #Worm #bot #botnet #cryptocurrency #iOS #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Active Supply Chain Attack Compromises Packages on npm

An active npm supply chain attack has compromised packages in the @antv ecosystem, affecting the maintainer account 'atool'. The attack is part of the Mini Shai-Hulud campaign, involving 639 compromised package versions across 323 unique packages. Notable affected packages include echarts-for-react with 1.1 million weekly downloads, and widely-used @antv packages for data visualization. The malware uses obfuscated install-time payloads that harvest developer credentials, GitHub tokens, npm tokens, AWS credentials, and other secrets from development and CI/CD environments. Stolen data is encrypted with AES-256-GCM and exfiltrated to a command-and-control server, with GitHub repositories used as fallback channels. The malware contains worm-like functionality to republish compromised packages and propagate through the npm ecosystem.

Pulse ID: 6a0c1b289f4fe8b7bdf00a84
Pulse Link: https://otx.alienvault.com/pulse/6a0c1b289f4fe8b7bdf00a84
Pulse Author: AlienVault
Created: 2026-05-19 08:11:20


Quiet presence instead of extortion: the specifics of national cyber threats to industry

The Russian industrial sector is going through a large-scale wave of digital transformation and accelerated import substitution. The flip side of this process, however, has been a sharp rise in interest from highly professional attackers. We observe a substantial difference in approaches to cyberattacks on the sector: while industry worldwide suffers from classic ransomware and encryptors that demand a ransom, in Russia the focus has definitively shifted toward sophisticated cyber espionage and deep, covert persistence in IT infrastructure. In this article we break down key data on attacks on the Russian industrial sector, analyze the tactics of the attacking groups, the specifics of the tooling used, and the weak points of the operational technology segment, and look at practical steps for implementing the concept of result-driven cybersecurity in production.

https://habr.com/ru/companies/pt/articles/1036788/

#киберугрозы #артгруппы #кибершпионаж #впо #социальная_инженерия #ddos #rat #vm #промышленный_сектор #pt_isim

Hantavirus is present in the Indian Ocean; it is not circulating on La Réunion, where vigilance is called for

Can La Réunion escape hantavirus cases while leptospirosis is on the rise on the island? In the Indian...

Imaz Press Réunion

FlowerStorm unleashes the KrakVM: PhaaS operators turn to VM-based obfuscation

Pulse ID: 6a0bf3f754a617ca8aaf3796
Pulse Link: https://otx.alienvault.com/pulse/6a0bf3f754a617ca8aaf3796
Pulse Author: Tr1sa111
Created: 2026-05-19 05:24:07

#AI-generated #bottom Under the Azure Sky (Під небом блакитним) - a novel by ポイズン雷花 - pixiv

Soukyuu no Shita [Verse 1] Awakening is near, at the bottom of a freezing night; shadows enduring a dark winter that never dawns; embracing the golden land, sentinels standing under the azure sky; treading the path of thorns, shaking off the swarming rats. [Pre-Chorus] Even if the world turns its back on us, the flame in this chest is not lost; a warrior's heart is

pixiv

Paper Werewolf Phishing Campaign Uses EchoGather RAT for Espionage

Pulse ID: 6a0baa380a76031766bf4b58
Pulse Link: https://otx.alienvault.com/pulse/6a0baa380a76031766bf4b58
Pulse Author: cryptocti
Created: 2026-05-19 00:09:28


Spring harvest - Leek Likho group's campaign to hunt for documents

The Leek Likho group (also known as SkyCloak or Vortex Werewolf) was first described by researchers in 2025, when a series of targeted attacks on public sector organizations in Russia and Belarus became known. This campaign was called Operation SkyCloak. We observed the continuation of its activity during February-April 2026, and also discovered a new technique that attackers use to filter files.

Pulse ID: 6a0b6c5acfd23c54ac29ea40
Pulse Link: https://otx.alienvault.com/pulse/6a0b6c5acfd23c54ac29ea40
Pulse Author: AlienVault
Created: 2026-05-18 19:45:29
