Search

bleepingcomputer.com › news › security

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

…29 AM Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers. The attacker hijacked valid OpenID Connect…

May 12, 2026 · Bill Toulas

bleepingcomputer.com › news › security

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

…Many of the infected packages are popular bioinformatics tools such as Dynamo, Spateo, CoolBox, U-FISH, and Napari-UFISH. The new campaign was discovered by application security company Socket and extended to…

Jun 8, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Fake OpenAI repository on Hugging Face pushes infostealer malware

…Popular node-ipc npm package compromised to steal credentials GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions New macOS stealer campaign uses Script Editor in ClickFix attack New Infinity Stealer malware…

May 9, 2026 · Bill Toulas

bleepingcomputer.com › news › security

GitHub disables Microsoft repos pushing password-stealing malware

…Security engineer Adnan Khan  said that the June 5th incident affecting Microsoft repositories appeared to be part of the Miasma malware campaign that infected 32 of Red Hat's npm packages . In…

Jun 9, 2026 · Bill Toulas

Top stories

bleepingcomputer.com

Chinese hackers use new Atlas RAT malware in European cyberattacks

1w ago

bleepingcomputer.com

Over 116,000 Mincraft systems infected in WeedHack malware campaign

1w ago

bleepingcomputer.com

Over 116,000 Minecraft systems infected in WeedHack malware campaign

1w ago

bleepingcomputer.com

WordPress malware campaign hides payloads in Steam profiles

1w ago

bleepingcomputer.com › news › security

SHub macOS infostealer variant spoofs Apple security updates

…a fake Apple security update message referencing XProtectRemediator, downloads a shell script using ‘curl,’ and executes it silently via ‘zsh.’ Before deploying its data-theft logic, the malware performs a system check…

May 18, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Inside the REMUS Infostealer: Session Theft, MaaS, and Rapid Evolution

…REMUS, however, repeatedly emphasized cookie collection, token handling, browser sessions, proxy-assisted restoration, and authenticated access continuity. From the earliest stages of the campaign, the malware promoted browser sessions and authentication artifacts…

May 15, 2026

bleepingcomputer.com › news › security

Cybercrime service disrupted for abusing Microsoft platform to sign malware

…The operation was linked to numerous malware and ransomware campaigns involving Oyster, Lumma Stealer, Vidar, as well as the Rhysida, Akira, INC, Qilin, and BlackByte ransomware operations. Microsoft says threat actors, including…

May 19, 2026 · Lawrence Abrams

bleepingcomputer.com › news › security

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

…XLab has observed multiple payloads being used in these attacks, including DLL loaders, JavaScript droppers, and an Electron-based malware sample named UtilifySetup.exe. Mitigating the risk The most important course of…

May 24, 2026 · Bill Toulas

bleepingcomputer.com › news › security

WhatsApp says it disrupted new NSO spyware phishing attacks

WhatsApp says it disrupted new NSO spyware phishing attacks By Bill Toulas June 8, 2026 02:40 PM WhatsApp has detected and stopped spear-phishing campaigns allegedly conducted by the NSO Group…

Jun 8, 2026 · Bill Toulas

bleepingcomputer.com › news › security

New TCLBanker malware self-spreads over WhatsApp and Outlook

…Additionally, the malware includes self-spreading worm modules for WhatsApp and Outlook that automatically infect new victims. The new banking trojan was discovered by Elastic Security Labs , whose researchers believe it’s…

May 7, 2026 · Bill Toulas