Tag
Malware
50 items tagged #malware
Articles
Malicious postinstall hooks discovered across 700+ GitHub repos targeting PHP and Node.js packages via Packagist.
Megalodon attack compromises 5,561 GitHub repos via malicious CI workflows in six hours.
Microsoft patches two exploited Defender zero-days allowing privilege escalation and DoS attacks.
GitHub breach of 3,800 repos linked to malicious Nx Console extension in TanStack npm supply-chain attack.
TeamPCP steals 3,800 GitHub repositories via poisoned VS Code extension, demands $95K.
Banana RAT malware targets 16 Brazilian banks via fake invoices, stealing data with QR code fraud.
GitHub confirms employee device compromise via malicious VS Code extension.
Microsoft releases mitigation for YellowKey BitLocker zero-day disclosed by Nightmare Eclipse.
Shai-Hulud campaign injects malware into 600+ npm packages to steal developer credentials.
INTERPOL Operation Ramz arrests 200+ individuals, seizes 53 malware and phishing servers across MENA region.
SHub macOS infostealer variant 'Reaper' spoofs Apple security updates via AppleScript to steal data and install
Reaper malware bypasses macOS Tahoe security to steal passwords and install backdoor via fake Microsoft domain.
Leaked Shai-Hulud malware deployed in four malicious npm packages by threat actor.
Shai-Hulud worm clones emerge days after source code release on GitHub.
RDP stealer malware discovered with Windows Defender evasion capability.
PoC code published for critical NGINX heap buffer overflow vulnerability (CVE-2026-42945).
Funnel Builder WordPress plugin vulnerability exploited to inject payment card skimmers.
Hackers deploy XWorm RAT v7.4 via PyInstaller with AMSI patching to bypass Windows security.
OpenAI hit by TanStack supply chain attack; credentials stolen from code repositories.
CalPhishing campaign exploits Outlook invites and device code phishing to steal M365 tokens and bypass MFA.
TeamPCP releases Shai-Hulud worm source code on GitHub, fueling supply chain attacks with monetary rewards.
Daily dark web threat intelligence digest reporting multiple breaches, CVEs, and exposed credentials across global
OpenAI confirms two employee devices breached in TanStack supply chain attack via Mini Shai-Hulud malware.
JobStealer malware spreads via fake job interview apps on Windows and macOS targeting crypto wallets.
Stealer backdoor discovered in 3 node-ipc npm package versions targeting developer credentials.
Ghostwriter targets Ukrainian government with geofenced PDF phishing delivering Cobalt Strike.
FamousSparrow targeted Azerbaijani oil and gas firm via ProxyNotShell exploit across three attack waves.
KongTuke IAB now exploits Microsoft Teams for social engineering, delivering ModeloRAT in under five minutes.
Salt Typhoon and Twill Typhoon expand targeting with updated backdoors across Azerbaijan, Asia-Pacific regions.
Nitrogen ransomware hits Foxconn North American facilities amid 600 attacks on manufacturers this year.
Kimsuky deploys PebbleDash-based tools linked to AppleSeed malware cluster.
China-linked Twill Typhoon uses fake Apple and Yahoo CDN sites with FDMTP malware to spy on Asia-Pacific organizations.
ESET reports FrostyNeighbor cyberespionage group updates toolset targeting Ukrainian government.
TeamPCP and BreachForums launch $1,000 contest rewarding supply chain attacks on open source packages.
TeamPCP claims to sell 5GB of Mistral AI repositories after Mini Shai-Hulud supply chain attack.
Dark Web Informer daily digest reports multiple breaches, ransomware hits, and supply chain attacks across global
TanStack supply chain attack compromises Mistral AI SDK packages on npm and PyPI.
Mistral AI confirms impact from TanStack supply chain attack.
Iran-linked MuddyWater targets South Korean electronics maker and 8+ orgs in espionage campaign.
Threat actors publish malicious RubyGems packages with scrapers targeting UK government servers.
Researcher releases PoC exploits for YellowKey BitLocker bypass and GreenPlasma privilege escalation zero-days.
Breached and TeamPCP announce $1K prize competition for largest supply chain attack.
TeamPCP poisoned 400+ npm and PyPI packages with Mini Shai-Hulud self-propagating worm via hijacked OIDC tokens.
LatAm Vibe threat campaigns use AI agents to generate custom hacking tools targeting Mexico and Brazil.
Chinese-linked FamousSparrow exploited Microsoft Exchange repeatedly at Azerbaijani oil/gas firm from Dec 2025–Feb 2026.
GemStuffer campaign abuses 150+ RubyGems packages to exfiltrate U.K. council portal data.
RubyGems suspends new registrations after 500+ malicious packages uploaded in attack.
Dark Web Informer daily digest reports multiple breaches, ransomware claims, and threat actor activity.
Mini Shai-Hulud malware compromises hundreds of open-source packages across major registries in supply-chain attack.
ShinyHunters' clearnet domain suspended after Canvas LMS attacks; group relocates to dark web.