piggo
pigondrugs.bsky.social
I shear alpacas and try to defend the internet from malware
~Sophos~
New packer 'Shanya' is being used by ransomware groups like Akira to deliver payloads and an EDR killer.
-
IOCs: biokdsl. com, biklkfd. com
-
#Packer #Ransomware #Shanya #ThreatIntel
Shanya Packer-as-a-Service Fuels Attacks
news.sophos.com
December 7, 2025 at 4:04 AM
~Trendmicro~
A critical pre-auth RCE (CVSS 10.0) vulnerability, CVE-2025-55182, affects React Server Components and frameworks like Next.js; patch immediately.
-
IOCs: CVE-2025-55182
-
#CVE202555182 #ReactJS #ThreatIntel
Critical RCE in React Server Components
www.trendmicro.com
December 6, 2025 at 4:04 AM
~Paloalto~
Malicious Model Context Protocol (MCP) servers can exploit the 'sampling' feature to conduct prompt injection attacks, leading to resource theft and covert actions.
-
IOCs: (None identified)
-
#AISecurity #LLM #PromptInjection #ThreatIntel
New Prompt Injection Attacks via MCP Sampling
unit42.paloaltonetworks.com
December 6, 2025 at 4:03 AM
~Socket~
Malicious Go packages typosquat popular UUID libraries to exfiltrate data to a pastebin service via a hidden function.
-
IOCs: dpaste. com, github. com/bpoorman/uuid, github. com/bpoorman/uid
-
...
Malicious Go UUID Library Typosquats
socket.dev
December 5, 2025 at 8:04 PM
~Sophos~
GOLD BLADE (RedCurl) now deploys QWCrypt ransomware in hybrid attacks, targeting Canadian orgs via weaponized resumes on recruitment platforms.
-
IOCs: 109. 206. 236. 209, stars. medbury. com, automatinghrservices. workers. dev
-
...
GOLD BLADE Evolves with QWCrypt Ransomware
news.sophos.com
December 5, 2025 at 5:07 PM
~Socket~
A 25% YoY drop in November CVEs is due to administrative slowdowns at key publishers, not a true reduction in risk.
-
IOCs: (None identified)
-
#CVE #ThreatIntel #VulnerabilityManagement
November CVEs Drop 25% YoY
socket.dev
December 5, 2025 at 5:05 PM
~Cisa~
CISA warns CVE-2025-55182, a Meta React Server Components RCE vulnerability, is being actively exploited.
-
IOCs: CVE-2025-55182
-
#CVE202555182 #RCE #ThreatIntel
CISA Adds Meta React RCE to KEV Catalog
www.cisa.gov
December 5, 2025 at 5:01 PM
~Socket~
A critical unauthenticated RCE vulnerability (CVSS 10.0) affects React Server Components, requiring immediate patching.
-
IOCs: CVE-2025-55182
-
#CVE202555182 #ReactJS #ThreatIntel
Critical RCE in React Server Components
socket.dev
December 5, 2025 at 12:34 PM
~Trendmicro~
Trend Micro introduces 'Project View' in Trend Vision One to provide project-based, contextualized cloud risk management.
-
IOCs: (None identified)
-
#CSPM #CloudSecurity #ThreatIntel
Trend Micro Launches Project View for Cloud Risk Management
www.trendmicro.com
December 4, 2025 at 8:04 PM
~Cisa~
CISA released nine new advisories detailing security issues and vulnerabilities in various Industrial Control Systems.
-
IOCs: (None identified)
-
#ICS #ThreatIntel #Vulnerability
CISA Releases Nine ICS Advisories
www.cisa.gov
December 4, 2025 at 8:01 PM
~Elastic~
Elastic Security can automate detection tuning requests directly from Kibana Cases to improve SOC efficiency and reduce alert fatigue.
-
IOCs: (None identified)
-
#Automation #Elastic #SOC #ThreatIntel
Automating Detection Tuning in Kibana
www.elastic.co
December 4, 2025 at 5:05 PM
~Cofense~
Expect AI-accelerated phishing in 2026, with faster compromises and increased abuse of legitimate remote access tools.
-
IOCs: (None identified)
-
#AI #Phishing #ThreatIntel
2026 Phishing Threat Predictions
cofense.com
December 4, 2025 at 5:04 PM
~Cisa~
PRC state-sponsored actors use the BRICKSTORM backdoor for long-term persistence on VMware vSphere and Windows systems.
-
IOCs: (None identified)
-
#BRICKSTORM #ThreatIntel #VMware
BRICKSTORM Backdoor Targets VMware
www.cisa.gov
December 4, 2025 at 5:03 PM
~Cisa~
PRC state-sponsored actors are deploying the sophisticated BRICKSTORM backdoor for long-term persistence in government and IT networks.
-
IOCs: (None identified)
-
#BRICKSTORM #China #ThreatIntel
PRC Actors Use BRICKSTORM Malware
www.cisa.gov
December 4, 2025 at 5:01 PM
~Socket~
TypeScript 6.0 will be the last JS-based release as focus shifts to the much faster native compiler (Project Corsa) for version 7.0.
-
IOCs: (None identified)
-
#DevNews #ThreatIntel #TypeScript
TypeScript 6.0: The Final JS-Based Release
socket.dev
December 4, 2025 at 12:36 PM
~Mandiant~
Despite US sanctions, spyware vendor Intellexa remains a prolific user of zero-day exploits to deploy its Predator spyware.
-
IOCs: CVE-2025-6554, CVE-2023-41993, CVE-2023-41992
-
#Intellexa #ThreatIntel #ZeroDay
Intellexa Continues Prolific Zero-Day Exploitation
cloud.google.com
December 4, 2025 at 12:33 PM
~Anyrun~
Researchers observed North Korean Lazarus Group operators' infiltration TTPs in a controlled sandbox as they posed as remote IT workers.
-
IOCs: 194. 33. 45. 162, aaronzeeshan. slack. com, aaronsfazzy. slack. com
-
...
Lazarus Group IT Worker Infiltration
any.run
December 4, 2025 at 12:31 PM
~Socket~
Hundreds of malicious, auto-generated 'elf-stats-*' packages are flooding the npm registry, containing reverse shells and data exfiltrators.
-
IOCs: elweth. fr, eop9blzagrmvcii. m. pipedream. net
-
#Malware #SupplyChain #ThreatIntel #npm
Malicious 'elf-stats' npm Packages
socket.dev
December 4, 2025 at 4:04 AM
~Cisa~
CISA warns CVE-2021-26828, an OpenPLC ScadaBR file upload vulnerability, is under active exploitation.
-
IOCs: CVE-2021-26828
-
#CVE202126828 #SCADA #ThreatIntel
CISA Adds OpenPLC ScadaBR Vuln to KEV Catalog
www.cisa.gov
December 3, 2025 at 8:01 PM
~Socket~
Malicious Rust crate 'evm-units' downloads and silently executes cross-platform payloads, impacting dependent packages.
-
IOCs: download. videotalks. xyz
-
#Rust #SupplyChain #ThreatIntel
Malicious Rust Crate 'evm-units'
socket.dev
December 3, 2025 at 5:05 PM
~Cofense~
Threat actors are increasing HR-themed phishing, using lures like compensation adjustments and termination notices to steal credentials.
-
IOCs: (None identified)
-
#HR #Phishing #ThreatIntel
HR Phishing Peaks in Q3/Q4
cofense.com
December 3, 2025 at 5:02 PM
~Cisa~
CISA and international partners released new guidance for securely integrating AI into Operational Technology (OT) systems.
-
IOCs: (None identified)
-
#AI #Cybersecurity #OT #ThreatIntel
CISA Guidance: Secure AI in OT
www.cisa.gov
December 3, 2025 at 5:01 PM
~Trendmicro~
A campaign targets job seekers with email lures, using a weaponized Foxit PDF Reader for DLL side-loading to deploy ValleyRAT.
-
IOCs: 196. 251. 86. 145, 51. 79. 214. 125, 154. 90. 58. 164
-
#DLLSideloading #ThreatIntel #ValleyRAT
ValleyRAT Targets Job Seekers via Foxit Reader
www.trendmicro.com
December 3, 2025 at 12:36 PM
~Sekoia~
Russia-nexus actor Calisto targets the NGO Reporters Without Borders with sophisticated spear-phishing campaigns for credential theft.
-
IOCs: 196. 44. 117. 196, account. simpleasip. org, scorelikelygateway. simleasip. org
-
...
Calisto (FSB) Targets Reporters Without Borders
blog.sekoia.io
December 3, 2025 at 12:34 PM
~Zscaler~
Aggressive Shai-Hulud V2 malware targets the NPM supply chain, exfiltrating secrets to GitHub and installing persistent backdoors via Actions runners.
-
IOCs: SHA1HULUD, discussion. yaml, ~/. dev-env/
-
#NPM #ShaiHulud #ThreatIntel
Shai-Hulud V2 Targets NPM Supply Chain
www.zscaler.com
December 3, 2025 at 4:06 AM
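Every post in this feed carries an "IOCs:" line whose indicators are defanged by inserting a space after each dot. The script below is an added example for ingesting that line format; it is not code from the account or from any of the vendors quoted above. The defanging rule is inferred from how the feed prints indicators, the sample feed is constructed for the demo, and the file-extension list used to separate file names such as discussion.yaml from hostnames is an assumption you should extend for your own environment.

```python
import ipaddress
import re
from typing import Optional

# Constructed sample in the shape of this feed (not a copy of any single post). The
# defanging style, a space after every dot, is the one the feed uses for its IOC lines.
SAMPLE_FEED = """\
~Sophos~
New packer is being used to deliver payloads.
-
IOCs: biokdsl. com, biklkfd. com
-
~Cisa~
Vulnerability under active exploitation.
-
IOCs: CVE-2025-55182
-
~Zscaler~
Worm targets the npm supply chain.
-
IOCs: 109. 206. 236. 209, discussion. yaml, ~/. dev-env/, SHA1HULUD
-
~Other~
-
IOCs: (None identified)
"""

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$", re.IGNORECASE)
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.IGNORECASE
)
# Assumption: a last label in this set marks a file name, not a hostname. Extend as needed.
FILE_EXTENSIONS = {"yaml", "yml", "json", "txt", "exe", "dll", "ps1", "sh", "py", "js"}


def refang(token: str) -> str:
    """Undo this feed's defanging: drop whitespace that follows a dot. Nothing else changes."""
    return re.sub(r"\.\s+", ".", token.strip())


def classify(token: str) -> Optional[str]:
    """Return the indicator type, or None for placeholder text such as '(None identified)'."""
    if token.startswith("(") and token.endswith(")"):
        return None
    if CVE_RE.match(token):
        return "cve"
    try:
        ipaddress.ip_address(token)
        return "ip"
    except ValueError:
        pass
    if "/" in token or token.startswith("~"):
        return "path"
    if "." in token and token.rsplit(".", 1)[1].lower() in FILE_EXTENSIONS:
        return "file"
    if DOMAIN_RE.match(token):
        return "domain"
    return "other"


def parse_ioc_line(line: str) -> list:
    """Parse one 'IOCs: a, b, c' line into (type, refanged_value) pairs, keeping order."""
    if not line.startswith("IOCs:"):
        raise ValueError(f"not an IOC line: {line!r}")
    body = line[len("IOCs:"):]
    result = []
    for raw in body.split(","):
        token = refang(raw)
        if not token:
            continue
        kind = classify(token)
        if kind is not None:
            result.append((kind, token))
    return result


def extract_iocs(feed_text: str) -> dict:
    """Collect every indicator in a feed dump, de-duplicated and grouped by type."""
    grouped = {}
    for line in feed_text.splitlines():
        if line.startswith("IOCs:"):
            for kind, value in parse_ioc_line(line):
                grouped.setdefault(kind, set()).add(value)
    return {kind: sorted(values) for kind, values in sorted(grouped.items())}


if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE_FEED).items():
        print(f"{kind}: {', '.join(values)}")
```

Route each group differently: domains and IPs can feed a blocklist or a retro-hunt, but CVE identifiers are not indicators of compromise even though the feed lists them under "IOCs:", so send those to vulnerability management; tokens that land in "other" (campaign names such as SHA1HULUD) or "file"/"path" are hunting hints for endpoint telemetry, not network blocks.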