New PCPJack worm steals credentials, cleans TeamPCP infections
… Among the targeted services are Docker, Kubernetes, Redis, MongoDB, RayML, and vulnerable web applications. …
… Organizations operate hybrid infrastructures spanning on-premises systems, multi-cloud platforms, containers, and Kubernetes clusters, all while navigating strict compliance requirements from frameworks including PCI DSS, HIPAA, GDPR, NIST 800-53, and CIS Benchmarks. …
… The behavior resembles the CanisterWorm campaign that TeamPCP deployed in March and targeted Kubernetes platforms. …
… An analysis of the JavaScript payload revealed that it targeted a broad range of developer secrets that included the following: GitHub tokens and GitHub Actions secrets; npm, PyPI, RubyGems, and JFrog publishing tokens; AWS, GCP, Azure, Kubernetes, and Vault credentials; SSH keys; Docker credentials; .env, … …
… The latest compromise appears to be the work of an external actor who compromised the account of an inactive maintainer named 'atiertant.' According to the researchers, the infostealer injected in the new node-ipc versions collects the following types of information from compromised systems: Cloud … …
… The framework harvests credentials from cloud providers, CI/CD systems, password managers, Kubernetes, and secret stores, and abuses them to compromise npm, PyPI, and RubyGems packages, as well as GitHub repositories, Actions workflows, and JFrog Artifactory instances. …
… The Mini Shai-Hulud malware delivered in the campaign targeted the theft of developer and cloud credentials, including GitHub tokens, npm publish tokens, AWS credentials, Kubernetes secrets, SSH keys, and .env files. …
… The downloaded PHP payload (VirusTotal) was a large cross-platform credential stealer for Linux, macOS, and Windows that harvests cloud credentials, Kubernetes secrets, Vault tokens, Git credentials, CI/CD secrets, SSH keys, browser data, cryptocurrency wallets, password managers, VPN configurations,… …
… The poisoned extension deployed a malicious payload designed to steal credentials and secrets for a wide range of platforms, including npm, AWS, Kubernetes, GitHub, and GCP/Docker. …
… "scripts": { "preinstall": "node index.js" } According to Aikido, the 'index.js' payload was approximately 4.2 MB in size, and is used to steal GitHub Actions secrets, AWS credentials, Google Cloud credentials, Azure service principal credentials, HashiCorp Vault tokens, Kubernetes service account … …