Mini Shai-Hulud Campaign Hits Red Hat Cloud Services npm Packages
A supply chain attack compromised multiple @redhat-cloud-services npm packages, executing malicious payloads automatically during installation via preinstall hooks. The attack uses AES-GCM encrypted payloads and obfuscated JavaScript loaders to harvest GitHub Actions secrets, npm tokens, cloud credentials (AWS, Azure, GCP), Kubernetes and Vault material, SSH keys, Git credentials, and cryptocurrency wallet files. The payload can daemonize on developer workstations, includes Russian-locale avoidance mechanisms, and exfiltrates stolen data through encrypted HTTPS channels with GitHub API fallback mechanisms. The campaign employs tactics similar to the publicly released Shai-Hulud toolkit, though attribution remains unclear due to the availability of open-source attack tooling.
Pulse ID: 6a1dde0e4e662ca1f8b4b0b2
Pulse Link: https://otx.alienvault.com/pulse/6a1dde0e4e662ca1f8b4b0b2
Pulse Author: AlienVault
Created: 2026-06-01 19:31:26
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AWS #Azure #Cloud #CyberSecurity #GitHub #HTTP #HTTPS #ICS #InfoSec #Java #JavaScript #NPM #OTX #OpenThreatExchange #RAT #RCE #Russia #SMS #SSH #SupplyChain #bot #cryptocurrency #AlienVault
📰 Unpatched Critical RCE Flaw (CVSS 9.4) in Gogs Git Service Puts Repositories at Risk
🚨 URGENT: A critical 9.4 CVSS unpatched RCE vulnerability has been disclosed in the Gogs Git service. Default installations are at risk of complete server takeover. No patch is available. Restrict access immediately! ⚠️ #Gogs #RCE #Vulnerability #Gi...
🌐 cyber[.]netsecops[.]io
Faster Vulnerability Alerts Disrupt Cyberattack Window
The time it takes for attackers to exploit a newly disclosed vulnerability has dramatically shrunk to just 1.6 days - leaving organizations scrambling to respond. In today's lightning-fast threat landscape, staying ahead of vulnerability alerts is crucial to preventing devastating cyberattacks.
#VulnerabilityManagement #ExploitWindow #RemoteCodeExecution #Rce #EmergingThreats
🚨 Critical RCE vulnerability in the Totolink A8000RU router (CVE-2026-9454)
A vulnerability rated 9.8/10 in severity in the Totolink A8000RU router allows remote code execution. A publicly available exploit increases the risk of device takeover.
→ https://cyberowi.pl/krytyczna-luka-rce-w-routerze-totolink-a8000ru-cve-2026-9454/
Authenticated RCE via Argument Injection in Gogs (NOT FIXED):
https://www.rapid7.com/blog/post/ve-authenticated-rce-via-argument-injection-gogs-unfixed/
#cybersecurity #vulnerability #rce #informationsecurity #exploitation
🚨 Critical RCE vulnerability in Azure Orbital Spatio (CVE-2026-40412)
Microsoft has patched a critical RCE vulnerability in the Azure Orbital Spatio service, rated 10.0 on the CVSS scale. The attack did not require authentication and could lead to full system takeover.
→ https://cyberowi.pl/krytyczna-luka-rce-w-azure-orbital-spatio-cve-2026-40412/