Malware
Malicious NuGet Package Impersonates Sicoob Banking SDK, Exfiltrates mTLS Certificates Through Sentry
A trojanized NuGet package posing as the official Sicoob C# SDK reads PFX certificates off disk and ships them, plus the password, to an attacker-controlled Sentry endpoint — abusing a trusted telemetry service as its exfiltration channel.
TrapDoor: Cross-Ecosystem Supply Chain Attack Plants Credential Stealers and AI-Assistant Backdoors
A coordinated campaign across npm, PyPI, and Crates.io seeded 34+ malicious packages that steal developer secrets and plant hidden instructions to weaponize AI coding assistants.
Laravel-Lang Supply Chain Attack: 233 Package Versions Backdoored to Steal Cloud and CI/CD Secrets
Attackers repointed git tags across four Laravel-Lang Composer packages to a malicious fork, backdooring 233 versions with a credential stealer that drains cloud, CI/CD, and developer secrets.
ZionSiphon: OT Sabotage Malware Targeting Israeli Water and Desalination Plants
Darktrace dissects ZionSiphon, a politically motivated OT malware built to tamper with chlorine and pressure in Israeli water systems. Broken by bad crypto, but the blueprint is real.
CPUID Website Compromised to Deliver STX RAT via CPU-Z and HWMonitor Downloads
Attackers compromised CPUID's download infrastructure for ~19 hours, replacing CPU-Z and HWMonitor installers with trojanized builds that sideload STX RAT via a malicious CRYPTBASE.dll.
North Korea's Contagious Interview Campaign Hits 1,700 Malicious Packages Across Five Ecosystems
DPRK-linked Contagious Interview operation now spans npm, PyPI, Go Modules, crates.io, and Packagist with 1,700+ poisoned packages delivering BeaverTail and InvisibleFerret malware.
Dead Drops on the Chain: Why Blockchain Became the C2 Infrastructure Defenders Can't Take Down
From EtherHiding to CanisterWorm to GlassWorm — attackers spent three years systematically proving that blockchain is the unkillable C2 channel. Here's how each technique works and what you can actually do about it.