Aggregator

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

The Hackers News
1 month 2 weeks ago
A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence. The activity has been attributed to the GitHub account "BufferZoneCorp," which has published a set of repositories that are associated with malicious Ruby gems and Go modules. As of
The Hacker News

Deep#Door Stealer Harvests Browser Passwords, Cloud Tokens, SSH Keys, and Wi-Fi Credentials

Cyber Security News
1 month 2 weeks ago

A newly identified Python-based malware known as DEEP#DOOR has surfaced as a serious threat to Windows users, combining a fully-featured backdoor with a powerful credential-stealing engine. What makes this threat especially concerning is how quietly it operates, embedding itself deep inside a compromised system while collecting sensitive data from multiple sources at once. The malware […]

The post Deep#Door Stealer Harvests Browser Passwords, Cloud Tokens, SSH Keys, and Wi-Fi Credentials appeared first on Cyber Security News.

Tushar Subhra Dutta

Anthropic launches Claude Security to counter rapid AI-Powered exploits

Security Affairs
1 month 2 weeks ago
Anthropic launched Claude Security to counter faster AI-driven cyberattacks, as tools like Mythos enable near-instant exploitation by threat actors. Anthropic introduced Claude Security to help defenders keep up with a surge in AI-powered cyberattacks. As models like Mythos drastically reduce the time needed to exploit vulnerabilities, similar tools will likely spread among criminals and nation-state […]
Pierluigi Paganini

Managed ad