Old flaws, weak supply-chain controls, and simple but effective exploits keep enabling major breaches and stealthy persistence across ecosystems. This week’s incidents range from a $290M KelpDAO heist tied to TraderTraitor to widespread malicious npm packages deploying XWorm and minirat, active RCEs, AI prompt-injection attacks, and stealth execution techniques against trusted binaries and macOS.
Key points
- A $290M KelpDAO exploit manipulated RPC infrastructure and has been linked to the TraderTraitor actor.
- Malicious npm packages are stealing data, implanting SSH backdoors, and delivering RATs like XWorm and minirat.
- Active exploitation includes critical RCEs in MajorDoMo and a zero-credential ActiveMQ Jolokia chain.
- AI agents face rising indirect prompt-injection attacks that poison web content to trigger real-world actions and exfiltration.
- Attackers abuse trusted binaries, signed utilities, and macOS features for stealthy execution while basic patching and supply-chain checks are often skipped.
Read More: https://thehackernews.com/2026/04/threatsday-bulletin-290m-defi-hack.html