This research explores how AI agents can facilitate the creation and deployment of adaptive computer worms. It highlights potential new threats in cybersecurity where AI-driven malware can evolve and evade detection.
The "TrapDoor" malware campaign is a new threat to cryptocurrency developers, employing supply chain attacks through malicious packages to hijack AI coding tools. It infiltrates development environments to steal digital assets, representing a sophisticated evolution in cybercriminal tactics.
A six-minute attack compromised the trust model of modern JavaScript development, pushing 84 malicious package versions across 42 @tanstack packages via a legitimate release pipeline. The "worm" spread to over 170 packages on npm and PyPI, affecting over 518 million cumulative downloads and targeting credential theft.
A developer discovered and deobfuscated a hidden PHP backdoor on their server, which extracted a full-featured web shell and injected malicious SSH public keys for persistent access. The detailed analysis revealed how the malware bypassed scanners and maintained direct SSH access without leaving footprints in web logs.
The TeamPCP supply chain campaign has resumed with concurrent compromises targeting the AI inference package xinference, Checkmarx KICS, and Bitwarden CLI. This directly impacts AI security by poisoning a widely used LLM/ML model serving framework and demonstrates sophisticated attack methods increasingly intersecting with AI tooling.
The article introduces slop-squatting, a supply-chain attack that exploits hallucinated software package names generated by large language models. It details how attackers register phantom packages to distribute malicious code and discusses building a scanner to detect these AI-generated attacks.
The 'LLMShare' campaign exploits ChatGPT's content-sharing feature to host fake outage pages, tricking users into downloading malware disguised as a desktop application. This attack leverages Google ad abuse, domain cloaking, and AI platform misuse to deliver infostealer payloads, bypassing traditional phishing detection.
Malicious versions of the node-ipc npm package were found to contain stealer/backdoor payloads. The malware harvests credentials for AI tools and cloud services like AWS, Azure, and GCP, exfiltrating data via HTTPS and DNS.
Um relatório recente sobre habilidades digitais revela que, de 52.702 habilidades indexadas e 2.105 auditadas, 172 foram identificadas como maliciosas e 1.012 como suspeitas. O conteúdo convida à leitura do relatório completo e oferece ferramentas para auditoria e verificação de segurança.
Um relatório de 10 de abril de 2026 detalha os resultados de uma auditoria de 54.550 "skills" indexadas, identificando 172 como maliciosas e 1.012 como suspeitas. O conteúdo fornece links para o relatório completo, serviços de auditoria e pesquisa, e uma ferramenta de verificação pré-instalação para essas "skills".
Este relatório detalha uma auditoria de segurança em 54.454 habilidades indexadas, revelando 172 itens maliciosos e 1.012 suspeitos entre os 2.105 auditados. Um relatório completo e ferramentas de pesquisa e verificação pré-instalação estão disponíveis para consulta.
VanillaRAT 1.7 has emerged as a sophisticated Remote Access Trojan (RAT). It possesses enhanced capabilities for stealthy system infiltration and persistent control.
O relatório de auditoria de 09/04/2026 detalha que 54.454 skills foram indexadas, com 2.105 auditadas, resultando na identificação de 172 maliciosas e 1.012 suspeitas. O documento fornece links para o relatório completo, busca e verificações de pré-instalação.
RazStealer is a highly advanced and powerful information-stealing tool. It provides cybersecurity researchers, penetration testers, and ethical hackers with insights into how sensitive data is stolen from compromised systems.