RSS aggregator

Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week

The Register - Anti-Virus - 1 June, 2026 - 23:54
Security researchers on Monday found dozens of Red Hat npm package releases infected with the Mini Shai-Hulud worm that TeamPCP cybercriminals recently open-sourced. The new supply chain attack hit at least 32 npm package releases published under the Red Hat Cloud Services namespace, according to security researchers from Google-owned Wiz, who traced the malware to one Red Hat employee’s compromised GitHub account. They said the affected packages are downloaded around 80,000 times a week.

“The compromised account pushed malicious orphan commits to two RedHatInsights repositories, bypassing code review,” the threat hunters said in a Monday blog. “This happened across two waves of activity.”

Wiz considers this a “live threat,” and says its researchers are actively monitoring it for any new developments. Socket, meanwhile, counted 95 affected package versions as of 11:00:22 UTC. The supply-chain security shop continues to monitor the ongoing attack and update its artifacts list, so check it, and if your organization or any development pipelines have installed one of the poisoned versions, assume compromise and immediately rotate credentials.

The compromised versions execute a hidden payload through a preinstall hook, so the malware runs automatically during npm install, before a developer ever imports or uses the package.

“Based on Socket’s analysis, the payload is designed to collect GitHub Actions secrets, npm tokens, cloud credentials, Kubernetes and Vault material, SSH keys, Git credentials, and other sensitive files,” Socket’s research team wrote on Monday. “It also includes encrypted exfiltration logic and GitHub-based fallback mechanisms, indicating that the attacker was not only attempting to steal credentials, but also potentially enable further supply chain propagation.”

A Red Hat spokesperson told The Register that the IBM-owned software firm is aware of the reports.

“We immediately initiated an investigation and removed the packages from the npm registry,” the spokesperson said. “The packages are strictly limited to internal development, and the malicious code was never published for customer consumption via the console.redhat.com system. While our investigation is ongoing, we have not identified any impact to customer or partner environments or Red Hat production systems.”

Both security firms say the malware resembles the Mini Shai-Hulud worm, but because TeamPCP open-sourced the credential-stealing tool, it is hard to say whether TeamPCP or a copycat crew is responsible for the latest developer-targeting supply chain infection. According to Wiz, the modifications look “largely cosmetic, with references to the Dune universe replaced by Greek mythology themes (i.e. ‘spartan’), while the underlying functionality and tradecraft remain substantially similar.”

One of the notable changes, the security sleuths said, is that the new variant adds data collectors for Google Cloud Platform and Microsoft Azure identities, and this new capability harvests every identity the infected machine has access to, rather than just stealing secrets from the cloud environments. This suggests “an increased attacker focus on gaining and leveraging access to the cloud itself,” Wiz warns.

This variant also creates repositories carrying the description “Miasma: The Spreading Blight.” And unlike earlier variants of the self-spreading worm, which copied themselves, this one generates a uniquely encrypted payload for each infection, so hash-based indicators of compromise are useful only for a specific package version.
Category: Viruses & Worms

Red Hat npm packages compromised to steal developer credentials

Bleeping Computer - 1 June, 2026 - 23:38
More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed "Miasma." [...]
Category: Hacking & Security

Spain arrests doxer leaking sensitive data of govt employees

Bleeping Computer - 1 June, 2026 - 23:28
The Spanish National Police has arrested an individual for leaking sensitive information related to members of various key state organizations, including the National Cybersecurity Institute (INCIBE). [...]
Category: Hacking & Security

npm packages @redhat-cloud-services compromised

AbcLinuxu [zprávičky] - 1 June, 2026 - 22:33
The npm packages @redhat-cloud-services have been compromised.
Category: GNU/Linux & BSD

CVE-2026-46243, aka CIFSwitch, local privilege escalation in Linux

AbcLinuxu [zprávičky] - 1 June, 2026 - 22:22
Details have been published of the vulnerability CVE-2026-46243, named CIFSwitch, which has been present in Linux since 2007. An ordinary user can gain root privileges (local privilege escalation). It is already fixed upstream.
Category: GNU/Linux & BSD

Dozens of Red Hat packages backdoored through its official NPM channel

Ars Technica - 1 June, 2026 - 21:49

Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, where it pilfers sensitive credentials in hopes of stealing yet more confidential data, researchers said.

The supply-chain attack began Monday and remained active at the time this post went live, according to researchers at security firm Aikido. It’s the result of the threat actor responsible for the hack taking control of @redhat-cloud-services, a legitimate channel in the npm repository that’s reserved for official Red Hat packages. As such, the channel is widely trusted by developers who rely on Red Hat cloud services.

The vicious cycle of today’s supply-chain attacks

It’s unclear precisely how the threat actor took control of the namespace, but it almost certainly involved the compromise of credentials required to access it, possibly through a previous supply-chain attack. More than 30 packages seem to be affected.

Election interlopers register 5K+ domains, hope to catch some voting phish

The Register - Anti-Virus - 1 June, 2026 - 21:46
The biggest threat to America’s midterm elections in November likely isn’t foreign attackers hacking US voting machines. Phishing and election-official impersonation are the bigger risks, according to Check Point, which documented more than 5,000 election-themed domains registered between April and May. These domains can be used by attackers for phishing, impersonation, fraud, misinformation, or influence activity, especially when coupled with about 17,000 exposed credentials associated with fundraising orgs, political parties, and government-related services also spotted by the security shop’s intelligence arm in May.

"Election-related domains and leaked credentials represent two sides of the same problem: infrastructure and access," Danielle Hess, a cyber threat intelligence analyst at Check Point Software, told The Register. "A rise in election-themed domains not only creates more potential infrastructure that could be abused for phishing or impersonation, but also reflects a growing election-related ecosystem with more organizations, accounts, and users that can be targeted," Hess said. "When combined with a large pool of exposed credentials, attackers have more opportunities to conduct convincing and scalable election-related operations."

Plus, AI gives phishing, impersonation, election misinformation and other scam operations a massive boost, making them faster, cheaper, and easier to scale. The uptick in election-related threats follows the Trump administration’s efforts to gut America’s lead cyber-defense agency and decimate its efforts to combat election-related fraud, while slashing its budget and workforce, and cutting all federal funding for the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC).

According to a Monday report, Check Point has been monitoring registered domains and documented about 1,300 containing the keyword “election” and 2,957 containing “vote” in January. Three months later, between April 13 and May 14, about 1,140 newly registered domains contained the word "election," while the number containing "vote" had climbed to about 4,010. Simply registering a domain doesn’t guarantee it will be used maliciously, but such domains are often used for phishing pages that impersonate voter information sites or the candidates themselves, for campaign donation scams, and for misinformation sites designed to look like official election communications.

Along these lines, the security shop documented thousands of leaked credentials in May linked to fundraising and political party websites: about 9,500 compromised ActBlue.com (Democrats’ fundraising site) credentials, 6,500 leaked WinRed.com (Republican fundraising) credentials, plus 600 from the official Republican gop.com website, 130 from democrats.org, and 150 leaked credentials for the usa.gov citizen services site. Hess told us that "it's important to note that the credential statistics reflect credentials identified on Check Point's External Risk Management (ERM) platform as of May 2026 and are not limited to credentials that were necessarily stolen or leaked during May 2026 itself."

As the reports point out, the credential leaks aren't limited to one political party or specific campaigns. “Individual political campaign domains showed little to no observed credential exposure across a sample of swing-state candidates from both major political parties, reinforcing that current exposure is concentrated in centralized platforms rather than campaign-specific infrastructure,” according to the report. “A single campaign domain stood out as an exception, with around 90 leaked credentials identified,” the report continued. "The campaign domain referenced was associated with candidate Tom Kean," Hess said, referring to Rep. Tom Kean Jr. (R-NJ). "However, it's important to note the credentials were identified within infostealer malware logs, which typically reflect opportunistic compromise rather than deliberate targeting of a specific campaign. While not indicative of direct targeting, the presence of these credentials may still pose a security risk if associated accounts remain active or reused.”

In addition to the political org-related credential exposure, voter information is also appearing across dark web forums ahead of the November midterms. This includes a January 30 BreachForums post advertising data, given away for free, tied to the Fremont County, Colorado election division. The data dump included names, email addresses, IP address data, and election-related portal submission information. On April 26, the threat hunters spotted a post on the criminal forum Spear[.]cx claiming to offer a multi-state US voter database covering more than two dozen states and Washington, DC.
Category: Viruses & Worms

Dashlane password manager users locked out by brute force attacks

Bleeping Computer - 1 June, 2026 - 20:17
Multiple Dashlane users have been locked out of their accounts following brute-force attacks that attempted logins from distant locations and unknown devices. [...]
Category: Hacking & Security

Which games come out in June 2026: the remade Gothic, wrestling in UFC and 15 other new releases

Živě.cz - 1 June, 2026 - 20:15
June is weaker on big new releases, but only because in its opening weeks the world's publishers will unveil the titles everyone is waiting for. Even while following Summer Game Fest and the other conferences, we will still have plenty to play.
Category: IT News

Most pirated films: what is being downloaded the most right now (June 2026 update)

Živě.cz - 1 June, 2026 - 19:45
We took the weekly overviews of the most downloaded films appearing on torrents and merged them into a single ranking. These are the films currently in the greatest demand worldwide, the ones being pirated the most.
Category: IT News

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

The Hacker News - 1 June, 2026 - 19:40
A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and deliver a self-propagating worm. "This is effectively a Mini Shai-Hulud campaign: it uses the same core tactics of install-time execution, credential harvesting, CI/CD targeting, encrypted exfiltration, and potential
Category: Hacking & Security

NVIDIA RTX Spark

AbcLinuxu [zprávičky] - 1 June, 2026 - 19:25
At its NVIDIA GTC Taipei 2026 conference, Nvidia presented a range of new products. Together with Microsoft it introduced the NVIDIA RTX Spark superchip (up to 6,144 GPU cores, 20 CPU cores, 1 petaflop of AI performance in FP4 and 128 GB of unified memory). The first laptops and desktops with this Nvidia chip in place of Intel or AMD parts should reach the market this autumn.
Category: GNU/Linux & BSD

Returns of real-estate funds in the Czech Republic in 2025: all but one beat inflation

Lupa.cz - články - 1 June, 2026 - 19:15
With one exception, every real-estate fund comfortably beat inflation in 2025. Most earned around 5–8%; the best exceeded 20%.
Category: IT News

WordPress malware campaign hides payloads in Steam profiles

Bleeping Computer - 1 June, 2026 - 19:04
Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data. [...]
Category: Hacking & Security

Linux IDS vs IPS: Operational Differences and Deployment Tradeoffs

LinuxSecurity.com - 1 June, 2026 - 19:00
The wrong IPS rule can look like a security fix right up until it becomes an outage.
Category: Hacking & Security

Dell XPS 13 challenges the MacBook Neo. It scores against Apple in the right places

Živě.cz - 1 June, 2026 - 18:45
Dell brings a new generation of cheaper devices that do not cut corners in the wrong places.
  • The XPS 13 has a luxurious display, all-day battery life, biometrics and a backlit keyboard.
  • Dell is squaring up directly to the MacBook Neo, which the company itself names as the rival.
Category: IT News

WWDC: What can developers expect?

Computerworld.com [Hacking News] - 1 June, 2026 - 17:23

Apple will open the doors to developers at its Worldwide Developer Conference (WWDC) next week. Beyond a big push on AI and new OSes focused on stability and performance, what should developers expect? Mostly it’s about new APIs, Foundation Models, and App Intents; here’s what I’ve been able to figure out so far.

Foundation Models

Apple has been building new Apple Intelligence APIs. One way it is achieving this is to take models made with Google Gemini, then distill and shrink them to fit inside (and run on) its devices. The progression will be to introduce these as a new crop of Foundation models developers can use in their apps. There’s more:

  • New APIs mean developers will be able to run Apple Intelligence tools such as summarization directly on the customer device, all offline, all private.
  • Developers that use Apple’s standard text editing/entry views will gain access to improved Apple-developed tools inside their apps without custom-coding.
  • Because intelligence takes place on the user’s device, neither developers nor users will need to pay for those AI tokens. This is a distinct cost and privacy-saving advantage for customers and developers.
App Intents: The next generation

Apple continues on its quest to convince developers to make features of their apps available for use via Siri with App Intents. Doing so requires developers to wrap their apps into semantic structures, enabling speech/text-based interaction. To help them achieve this, Apple is expected to introduce a complete redesign of its App Intents framework.

Speak as you wish

While users must say “Hey Siri” to invoke its attention today, the assistant will respond more dynamically to natural language. Combined with App Intents, that means users should be able to ask Siri to use a combination of apps to make things happen on the device.

A developer might build a travel app that can take an itinerary and hand it across to a budgeting tool, for example. The idea is that with a spoken or typed command, a person will be able to call on a collection of apps to identify the destination, create an itinerary, put together a to-do list, prepare relevant letters or emails, and assemble a budget — all invoked by the original command.

What about context?

We’re expecting Siri to become better at using the content of your screen, location, and other personal data as it seeks to provide more contextualized responses. We don’t yet know the extent or form in which Apple will make that information available to third-party developers to help contextualize their own apps. Apple’s focus on privacy matters a great deal, as does its relationship with regulators, some of whom will demand that data made available to Apple’s own apps be made available to third-party apps. These are important matters for Apple, app developers, and customers who want the convenience of AI without loss of privacy.

More consistent UI tools on Swift

Swift should get better at migrating legacy code, but the big speculation around it concerns Liquid Glass. Will Swift make it easier for developers to build consistent user interfaces that work properly across all Apple’s platforms? If it does, then it will help overcome one of the big criticisms of Apple’s liquid-inspired UI. Swift will also usher in the tools developers need to support agentic application coding.

Better vibes for Xcode

Vibe coding is everywhere, including within Xcode, which is expected to gain improved contextual and predictive understanding to help boost developer productivity. Xcode could also introduce improved real-time architectural debugging hints, aiming to make it easier for developers to build bug-free apps.

A Mac you can wear: Vision OS

All the AI enhancements made available across Apple’s other products will also be offered to visionOS. That access takes the headset another step closer to becoming the Mac you wear like sunglasses.

Elsewhere
  • A new Camera API means developers can build specialized, interactive buttons that users can deploy directly within the native iOS Camera interface. This should be a great way to use more sophisticated camera apps more naturally.
  • Wallet Pass means apps will be able to ingest things like barcodes or gym passes for use within Wallet.
  • Icon Composer might offer more tools designed to promote consistency.
Intel finally retires

Apple will abandon Intel support in macOS 27, which means developers will likely end support for legacy Intel applications in response.

After the gold rush

Once the lights go down on WWDC, Apple’s real test will be to see if its announcements help make AI useful, private, and affordable to developers and their customers. After all, if Apple gets AI right on a platform basis, it should be able to offer the kind of on-device intelligence no one else can match, at no charge to developers or users — a move that might yet kick-start AI innovation across its platforms. This will provide a moat around the Apple ecosystem, inside which developers can explore new potentials for AI to give customers the tools they need at costs they can afford.

Category: Hacking & Security