Malware
Cryptojacking Campaign Weaponises AI Chatbots as Malware Distribution Layer
Microsoft documents attackers manipulating LLM responses to surface malicious downloads, exploiting conversational trust as enterprises deploy AI without security hardening.
Iranian APT escalates cyber campaign targeting US and European aviation infrastructure
IRGC-affiliated Nimbus Manticore deploys AI-assisted malware and supply chain attacks as asymmetric leverage during US-Iran conflict.
Nx Console VS Code Extension Compromised in Supply Chain Attack Targeting Developer Credentials
Malicious v18.95.0 harvested cloud secrets and SSH keys from enterprise development environments during 11-minute window on Microsoft Marketplace.
TanStack Supply Chain Attack Exploited GitHub Actions to Publish 84 Malicious npm Packages in Six Minutes
Coordinated breach weaponised OIDC tokens and CI/CD automation to compromise 42 packages with credential-harvesting payloads, exposing structural flaws in trusted publishing.
CPUID supply chain breach poisoned CPU-Z and HWMonitor downloads with RAT malware
A six-hour backend API compromise turned trusted hardware monitoring tools into malware delivery vectors, infecting 150+ users before detection.
Axios HTTP Library Compromised in Sophisticated npm Supply Chain Attack
Malicious versions of JavaScript's most-used HTTP client deployed cross-platform RAT to 83 million weekly downloads via hijacked maintainer account.