Information Stealer
Hackers exploit FortiClient EMS flaw to push infostealer malware
Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ. The attacker disguised the malware as an update for Fortinet endpoints and executed it through VPN scripting workflows managed by FortiClient. The exploited critical vulnerability is an improper access control flaw that allows […]
Ukraine identifies infostealer operator tied to 28,000 stolen accounts
The Ukrainian cyberpolice, working in conjunction with U.S. law enforcement, has identified an 18-year-old man from Odesa suspected of running an infostealer malware operation targeting users of an online store in California. According to the Ukrainian police, the threat actor used information-stealing malware between 2024 and 2025 to infect users’ devices and steal browser sessions […]
New Shai-Hulud malware wave compromises 600 npm packages
Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a new Shai-Hulud supply-chain campaign. Most of the affected packages are in the @antv ecosystem, which includes libraries for charting, graph visualization, building flowcharts, and mapping. However, popular packages outside this namespace have also been […]
SHub macOS infostealer variant spoofs Apple security updates
A new variant of the ‘SHub’ macOS infostealer uses AppleScript to show a fake security update message and installs a backdoor. Dubbed Reaper, the new version steals sensitive browser data, collects documents and files that may contain financial details, and hijacks crypto wallet apps. Unlike earlier SHub campaigns that relied on “ClickFix” tactics, tricking users […]
Popular node-ipc npm package compromised to steal credentials
Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. The node-ipc package is a Node.js module that enables various processes to communicate through all forms of sockets, including Unix, Windows, UDP, TLS, and TCP. Despite the maintainer publishing in March […]
Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers. The attacker hijacked valid OpenID Connect (OIDC) tokens to publish malicious package versions with verifiable provenance attestation (SLSA Build Level 3) Attributed to the TeamPCP threat group, the attack started with compromising dozens of TanStack […]
Fake OpenAI repository on Hugging Face pushes infostealer malware
A malicious Hugging Face repository that reached the platform’s trending list impersonated OpenAI’s “Privacy Filter” project to deliver information-stealing malware to Windows users. The repository briefly reached #1 on Hugging Face and accumulated 244,000 downloads before the platform responded to reports and removed it. The Hugging Face platform lets developers and researchers share AI models, […]
Australia warns of ClickFix attacks pushing Vidar Stealer malware
The Australian Cyber Security Center (ACSC) is warning organizations of an ongoing malware campaign using the ClickFix social engineering technique to distribute the Vidar Stealer info-stealing malware. ClickFix is a social engineering attack technique that tricks users into executing malicious commands, usually through fake CAPTCHA or browser verification prompts displayed on compromised or malicious websites. […]
DAEMON Tools devs confirm breach, release malware-free version
Disc Soft Limited, the maker of DAEMON Tools Lite, confirmed that the software had been trojanized in a supply chain attack and released a new, malware-free version. “Within less than 12 hours of identifying the issue, we were able to implement a solution. Based on our current findings, the issue was limited to the free […]
DAEMON Tools trojanized in supply-chain attack to deploy backdoor
Hackers trojanized installers for the DAEMON Tools software and since April 8, delivered a backdoor to thousands of systems that downloaded the product from the official website. The supply-chain attack led to thousands of infections in more than 100 countries. However, second-stage payloads were deployed only to a dozen machines, indicating a targeted attack aimed […]