RSS aggregator

Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

Bleeping Computer - 2 June, 2026 - 00:14
A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques on compromised sites. [...]
Category: Hacking & Security

What is store security allowed to do? They may not look in your bag without consent

Lupa.cz - articles - 2 June, 2026 - 00:00
Security guards can ask for your cooperation, but they do not have police powers. What does that mean in practice, and does the procedure differ when a guard checks a child?
Category: IT News

Travel reimbursement for business trips in a diesel car: the decree-set price of diesel rises significantly from June

Lupa.cz - articles - 2 June, 2026 - 00:00
Do you drive a diesel on business trips? Under the current decree, the entitlement is now more than 10 Kč higher for every litre of diesel consumed.
Category: IT News

From four billion downloads to adware: how SourceForge lost the community's trust

ROOT.cz - 2 June, 2026 - 00:00
SourceForge was founded in 1999 as one of the first hubs of open-source development. After years of dominance, it showed that a free license alone does not protect trust between author and user when the platform has its own business motives.
Category: GNU/Linux & BSD

LunarML: a surprisingly good transpiler from Standard ML to Lua and JavaScript

ROOT.cz - 2 June, 2026 - 00:00
We introduce a project called LunarML. It is a transpiler that transforms source code written in ML (more precisely, Standard ML) into the Lua and JavaScript programming languages.
Category: GNU/Linux & BSD

A stellar behemoth in a distant dwarf galaxy probably destroyed itself completely in a rare explosion

OSEL.cz - 2 June, 2026 - 00:00
The explosion SN 2023vbw, which took place in October 2023, was apparently no ordinary supernova. Judging by its course and properties, it is one of the most convincing examples to date of a pair-instability supernova. These ghostly supernovae of extremely massive stars leave absolutely nothing behind in the universe.
Category: Science and Technology

Nvidia announced Spark for Windows (N1/N1X), but it will not arrive until autumn

CD-R server - 2 June, 2026 - 00:00
On the occasion of Computex, Nvidia confirmed most of the existing rumours about N1(X) / GB10 for laptops. There was no release, only an announcement; the laptops will not be released until autumn and performance is at the level of the RTX 5060…
Category: IT News

Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week

The Register - Anti-Virus - 1 June, 2026 - 23:54
Security researchers on Monday found dozens of Red Hat npm package releases infected with the Mini Shai-Hulud worm that TeamPCP cybercriminals recently open-sourced. The new supply chain attack hit at least 32 npm package releases published under the Red Hat Cloud Services namespace, according to security researchers from Google-owned Wiz, who traced the malware to one Red Hat employee’s compromised GitHub account. They said the affected packages are downloaded around 80,000 times a week.

“The compromised account pushed malicious orphan commits to two RedHatInsights repositories, bypassing code review,” the threat hunters said in a Monday blog. “This happened across two waves of activity.” Wiz considers this a “live threat,” and says its researchers are actively monitoring it for any new developments.

Socket, meanwhile, counted 95 affected package versions as of 11:00:22 UTC. The supply-chain security shop continues to monitor the ongoing attack and update the artifacts list – so be sure to check it out, and if your organization or any development pipelines have installed one of the poisoned versions, assume compromise and immediately rotate credentials.

The compromised versions execute a hidden payload through a preinstall hook so that the malware automatically runs during the npm install process – before a developer imports or uses the package.

“Based on Socket’s analysis, the payload is designed to collect GitHub Actions secrets, npm tokens, cloud credentials, Kubernetes and Vault material, SSH keys, Git credentials, and other sensitive files,” Socket’s research team wrote on Monday. “It also includes encrypted exfiltration logic and GitHub-based fallback mechanisms, indicating that the attacker was not only attempting to steal credentials, but also potentially enable further supply chain propagation.”

A Red Hat spokesperson told The Register that the IBM-owned software firm is aware of the reports. “We immediately initiated an investigation and removed the packages from the npm registry,” the spokesperson said. “The packages are strictly limited to internal development, and the malicious code was never published for customer consumption via the console.redhat.com system. While our investigation is ongoing, we have not identified any impact to customer or partner environments or Red Hat production systems.”

Both security firms say the malware resembles the Mini Shai-Hulud worm – but because TeamPCP open sourced the credential-stealing tool, it’s tough to say whether TeamPCP or a copycat crew is responsible for the latest developer-targeting supply chain infection. According to Wiz, the modifications look “largely cosmetic, with references to the Dune universe replaced by Greek mythology themes (i.e ‘spartan’), while the underlying functionality and tradecraft remain substantially similar.”

One of the notable changes, the security sleuths said, is that the new variant adds data collectors for Google Cloud Platform and Microsoft Azure identities, and this new capability snarfs up all the identities that the infected machine has access to, as opposed to just stealing secrets from the cloud environments. This suggests “an increased attacker focus on gaining and leveraging access to the cloud itself,” Wiz warns.

This variant also creates repositories containing the description “Miasma: The Spreading Blight.” And unlike earlier variants of the self-spreading worm that copied themselves, this one generates a uniquely encrypted payload for each infection, which makes hash-based indicators-of-compromise useful only for a specific package version. ®
Category: Viruses and Worms

Red Hat npm packages compromised to steal developer credentials

Bleeping Computer - 1 June, 2026 - 23:38
More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed "Miasma." [...]
Category: Hacking & Security

Spain arrests doxer leaking sensitive data of govt employees

Bleeping Computer - 1 June, 2026 - 23:28
The Spanish National Police has arrested an individual for leaking sensitive information related to members of various key state organizations, including the National Cybersecurity Institute (INCIBE). [...]
Category: Hacking & Security

@redhat-cloud-services npm packages compromised

AbcLinuxu [news briefs] - 1 June, 2026 - 22:33
The @redhat-cloud-services npm packages have been compromised.
Category: GNU/Linux & BSD

CVE-2026-46243, aka CIFSwitch, a local privilege escalation in Linux

AbcLinuxu [news briefs] - 1 June, 2026 - 22:22
Details have been published about vulnerability CVE-2026-46243, named CIFSwitch, present in Linux since 2007. An ordinary user can gain root privileges (local privilege escalation). It has already been fixed upstream.
Category: GNU/Linux & BSD

Dozens of Red Hat packages backdoored through its official NPM channel

Ars Technica - 1 June, 2026 - 21:49

Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, where it pilfers sensitive credentials in hopes of stealing yet more confidential data, researchers said.

The supply-chain attack began Monday and remained active at the time this post went live, according to researchers at security firm Aikido. It’s the result of the threat actor responsible for the hack taking control of @redhat-cloud-services, a legitimate channel in the npm repository that’s reserved for official Red Hat packages. As such, the channel is widely trusted by developers who rely on Red Hat cloud services.

The vicious cycle of today’s supply-chain attacks

It’s unclear precisely how the threat actor took control of the namespace, but it almost certainly involved the compromise of credentials required to access it, possibly through a previous supply-chain attack. More than 30 packages seem to be affected.

Election interlopers register 5K+ domains, hope to catch some voting phish

The Register - Anti-Virus - 1 June, 2026 - 21:46
The biggest threat to America’s midterm elections in November likely isn’t foreign attackers hacking US voting machines. Phishing and election-official impersonation are the bigger risks, according to Check Point, which documented more than 5,000 election-themed domains registered between April and May.

These domains can be used by attackers for phishing, impersonation, fraud, misinformation, or influence activity, especially when coupled with about 17,000 exposed credentials associated with fundraising orgs, political parties, and government-related services also spotted by the security shop’s intelligence arm in May.

"Election-related domains and leaked credentials represent two sides of the same problem: infrastructure and access," Danielle Hess, a cyber threat intelligence analyst at Check Point Software, told The Register.

"A rise in election-themed domains not only creates more potential infrastructure that could be abused for phishing or impersonation, but also reflects a growing election-related ecosystem with more organizations, accounts, and users that can be targeted," Hess said. "When combined with a large pool of exposed credentials, attackers have more opportunities to conduct convincing and scalable election-related operations."

Plus, AI gives phishing, impersonation, election misinformation and other scam operations a massive boost, making them faster, cheaper, and easier to scale.

The uptick in election-related threats follows the Trump administration’s efforts to gut America’s lead cyber-defense agency and decimate its efforts to combat election-related fraud, while slashing its budget and workforce, and cutting all federal funding for the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC).

According to a Monday report, Check Point has been monitoring registered domains and documented about 1,300 containing the keyword “election” and 2,957 containing “vote” in January. Three months later, between April 13 and May 14, about 1,140 newly registered domains contained the word "election," while the number containing "vote" had climbed to about 4,010.

While simply registering a domain doesn’t guarantee it will be used for malicious purposes, such domains are often used for phishing pages that impersonate voter info sites or candidates themselves, and campaign donation scams, and misinformation sites designed to look like official election communications.

Along these lines, the security shop documented thousands of leaked credentials in May linked to fundraising and political party websites including about 9,500 ActBlue.com (Democrats’ fundraising site) compromised credentials, 6,500 leaked WinRed.com (Republican fundraising) credentials, plus 600 from the official Republican gop.com website, 130 from democrats.org, and 150 leaked usa.gov citizen services’ site credentials.

Hess told us that "it's important to note that the credential statistics reflect credentials identified on Check Point's External Risk Management (ERM) platform as of May 2026 and are not limited to credentials that were necessarily stolen or leaked during May 2026 itself."

As the reports point out, the credential leaks aren't limited to one political party or specific campaigns. “Individual political campaign domains showed little to no observed credential exposure across a sample of swing-state candidates from both major political parties, reinforcing that current exposure is concentrated in centralized platforms rather than campaign-specific infrastructure,” according to the report.

“A single campaign domain stood out as an exception, with around 90 leaked credentials identified,” the report continued. "The campaign domain referenced was associated with candidate Tom Kean," Hess said, referring to Rep. Tom Kean Jr. (R-NJ). "However, it's important to note the credentials were identified within infostealer malware logs, which typically reflect opportunistic compromise rather than deliberate targeting of a specific campaign. While not indicative of direct targeting, the presence of these credentials may still pose a security risk if associated accounts remain active or reused.”

In addition to the political org-related credential exposure, voter information is also appearing across dark web forums ahead of the November midterms. This includes a January 30 BreachForums post advertising data - being given away for free - tied to the Fremont County, Colorado election division. The data dump included names, email addresses, IP address data, and election-related portal submission information.

On April 26, the threat hunters spotted a post on criminal forum Spear[.]cx, claiming to offer a multi-state US voter database covering more than two dozen states and Washington, DC. ®
Category: Viruses and Worms

Dashlane password manager users locked out by brute force attacks

Bleeping Computer - 1 June, 2026 - 20:17
Multiple Dashlane users have been locked out of their accounts following brute-force attacks that attempted logins from distant locations and unknown devices. [...]
Category: Hacking & Security

Which games are coming out in June 2026: the Gothic remake, UFC fighting, and 15 other new releases

Živě.cz - 1 June, 2026 - 20:15
June is lighter on big releases, but only because global publishers will reveal their anticipated titles in its opening weeks. Even while watching Summer Game Fest and other conferences, though, we will have plenty to play.
Category: IT News

Most pirated films: what is being downloaded most right now (June 2026 update)

Živě.cz - 1 June, 2026 - 19:45
We took the weekly rankings of the most downloaded films appearing on torrents and combined them into a single chart. These are the films that currently attract the most interest worldwide and are pirated the most.
Category: IT News

Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

The Hacker News - 1 June, 2026 - 19:40
A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and deliver a self-propagating worm. "This is effectively a Mini Shai-Hulud campaign: it uses the same core tactics of install-time execution, credential harvesting, CI/CD targeting, encrypted exfiltration, and potential
Category: Hacking & Security