Malicious TanStack Package Abuses Postinstall Script to Steal Developer Secrets

A malicious npm package named “tanstack” has been discovered deploying a stealthy data exfiltration campaign, targeting developers through a deceptive naming strategy and a hidden postinstall script. The package, impersonating the well-known TanStack ecosystem, was weaponized to steal sensitive environment files immediately…

Malicious TanStack Package Abuses Postinstall Script to Steal Developer Secrets

itsecuritynews.info - 04/May 12:07

A malicious npm package named “tanstack” has been discovered deploying a stealthy data exfiltration campaign, targeting developers through a...

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

bleepingcomputer.com - 11:29

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware...

84 npm Packages Linked to TanStack Hit by Supply-Chain Breach

itsecuritynews.info - 06:05

A massive supply chain breach affecting 84 npm packages within the widely used TanStack ecosystem. Malicious actors compromised these packages by...

Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence

securityaffairs.co - 09/May 13:11

Researchers uncovered QLNX, a Linux RAT targeting developers to steal credentials, log keystrokes, monitor systems, and enable remote access. Security...

CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs

bleepingcomputer.com - 05/May 10:03

A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that hijacks the Microsoft Phone...

CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs

bleepingcomputer.com - 05/May 10:03

A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that hijacks the Microsoft Phone...

Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence

itsecuritynews.info - 09/May 14:33

Researchers uncovered QLNX, a Linux RAT targeting developers to steal credentials, log keystrokes, monitor systems, and enable remote access. Security...

Cache-poisoning caper turns TanStack npm packages toxic

itsecuritynews.info - 12:03

Six-minute supply chain blitz pushed 84 malicious versions with credential theft and disk-wiping code This article has been indexed from...

Backdoored PyTorch Lightning package drops credential stealer

bleepingcomputer.com - 04/May 17:15

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload targeting...

Backdoored PyTorch Lightning package drops credential stealer

bleepingcomputer.com - 04/May 17:15

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload targeting...

Rubriques :

Malicious TanStack Package Abuses Postinstall Script to Steal Developer Secrets

Articles similaires

Malicious TanStack Package Abuses Postinstall Script to Steal Developer Secrets

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

84 npm Packages Linked to TanStack Hit by Supply-Chain Breach

Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence

CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs

CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs

Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence

Cache-poisoning caper turns TanStack npm packages toxic

Backdoored PyTorch Lightning package drops credential stealer

Backdoored PyTorch Lightning package drops credential stealer

Les derniers communiqués