Palo Alto Networks Unit 42 identified a novel, self-replicating npm supply chain worm called “Shai-Hulud” that has compromised over 180 packages by harvesting developer credentials and using stolen npm tokens to publish malicious updates. Unit 42 also assessed with moderate confidence that an LLM assisted in generating the malicious bash script,…
Tag: MACOS
Microsoft has issued reminders that Office 2016 and Office 2019 reach end of support on October 14, 2025, urging users to upgrade to avoid security and compatibility issues. The company also announced the end of support for Windows 10, Exchange 2016, and Exchange 2019, emphasizing the importance of migrating to newer versions such as Microsoft 365 Apps, Office 2024, or Office LTSC 2024. #Office2016 #Office2019 #Windows10 #Exchange2016 #Exchange2019
A supply-chain worm named Shai-Hulud infected roughly 200 NPM packages by adding a postinstall bundle.js that steals credentials, exfiltrates them (via webhook[.]site), creates public GitHub repositories with leaked data, and propagates to other NPM packages using maintainer credentials. Sysdig TRT and Falco/Sysdig Secure detections and mitigations are available and recommended, including package inventory queries, version pinning, credential rotation, and runtime monitoring. #Shai-Hulud #webhook.site
Apple released security patches for CVE-2025-43300, an actively exploited zero-day in the Image I/O framework that allows memory corruption when a malicious image is processed. These updates are critical for targeted individuals, as attackers have exploited this flaw in sophisticated campaigns. #CVE-2025-43300 #ImageIO…
A recent supply chain attack dubbed Shai-Hulud compromised over 180 NPM packages and 40 developer accounts, spreading self-replicating malware to steal secrets and propagate further. The attacker used malicious scripts to exfiltrate credentials and create public repositories, significantly impacting the JavaScript ecosystem. #ShaiHulud #NPMSupplyChain…
XillenStealer is an open-source, Python-based information stealer with a GUI builder that harvests system metadata, browser credentials, cryptocurrency wallet files, messaging sessions, and screenshots, then exfiltrates data via a Telegram bot. The builder lowers the barrier for abuse by enabling rapid configuration and compilation of customized builds and is linked to Russian-speaking actors and an ecosystem at xillenkillers[.]ru. #XillenStealer #Telegram
TA415 conducted July–August 2025 spearphishing campaigns against U.S. government, think tank, and academic targets on U.S.-China economic topics, impersonating the Select Committee Chair and the US-China Business Council to distribute password-protected archives that executed an obfuscated Python loader (WhirlCoil) to install VS Code Remote Tunnels for persistent remote access. The actor…
Apple has released security updates to patch a zero-day vulnerability (CVE-2025-43300) affecting older iPhones and iPads, which was exploited in highly sophisticated targeted attacks. The flaw involves an out-of-bounds write in the Image I/O framework, leading to potential remote code execution; Apple and WhatsApp have warned about ongoing exploitation. #CVE202543300 #ImageIO #targetedattacks #AppleSecurity
Apple has released timely updates to fix a critical security flaw (CVE-2025-43300) that has been exploited in targeted attacks using sophisticated methods. These patches also address multiple other vulnerabilities across Apple devices, enhancing overall security. #CVE-2025-43300 #iOSUpdate…
Cybersecurity experts have uncovered a new campaign using FileFix social engineering techniques combined with sophisticated obfuscation to deliver the StealC info stealer malware. The attack leverages convincing phishing sites and abused trusted code hosting platforms to evade detection and infect victims’ systems. #StealC #FileFix #Doppel…
Apple has released major updates for iOS, macOS, and other Apple operating systems, addressing over 50 security vulnerabilities. These patches resolve critical flaws in components like WebKit, Bluetooth, Safari, and the Apple Neural Engine, enhancing device security against potential exploits. #WebKit #AppleNeuralEngine…
Browser-based attacks are on the rise as attackers target users through web browsers to compromise business apps and data. Modern threats like phishing, malicious copy-paste, malicious OAuth, browser extensions, file delivery, and stolen credentials are making browsers a critical security focus. #SnowflakeBreaches #SalesforceAttacks…
Jamf Threat Labs analyzed a modular macOS backdoor named ChillyHell that had remained notarized since 2021 and uses host profiling, multiple persistence mechanisms, DNS/HTTP C2 channels, and modular tasking including a brute-force module. The report links ChillyHell to prior Mandiant reporting (UNC4487 / MATANBUCHUS context), lists hardcoded C2 IPs and transport methods, and notes that Apple revoked the associated developer certificates after disclosure. #ChillyHell #MATANBUCHUS
Threat actor WhiteCobra is attacking VS Code, Cursor, and Windsurf users by distributing malicious extensions through popular extension repositories. Their campaign involves sophisticated impersonation tactics and the use of malware like LummaStealer to drain cryptocurrency wallets. #WhiteCobra #LummaStealer
Organizations should assume breach and build an incident response capability for AWS, drawing on open source MCP tools and the Shared Responsibility Model. The post emphasizes planning, logging, and a structured response across AWS services to minimize the impact of cloud security incidents. #AWSCloudTrail #AWSIRevealMCP…