Search

bleepingcomputer.com › news › security

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

…GitHub tokens and GitHub Actions secrets npm, PyPI, RubyGems, JFrog publishing tokens AWS, GCP, Azure, Kubernetes, and Vault credentials SSH keys Docker credentials .env, .npmrc, .pypirc Shell histories Claude/MCP configuration files…

Jun 8, 2026 · Bill Toulas

Top stories

bleepingcomputer.com

GitHub disables Microsoft repos pushing password-stealing malware

1d ago

bleepingcomputer.com

NFCShare Android malware spreads via fake banking app updates on GitHub

2d ago

bleepingcomputer.com

VS Code zero-day lets hackers steal GitHub tokens in one click

1w ago

bleepingcomputer.com › news › security

New Shai-Hulud malware wave compromises 600 npm packages

…When GitHub credentials are available, the malware uses the GitHub API to automatically create new repositories under the victim’s account and upload the stolen data to them. Socket has found 1…

May 19, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

…The Shai-Hulud campaign emerged last September and had multiple iterations [ 1 , 2 , 3 ], some of them exposing hundreds of thousands of developer secrets in automatically generated GitHub repositories. Among more recently…

May 12, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Glassworm botnet disrupted after resilient C2 infrastructure takedown

…Later attack waves extended to GitHub repositories and npm packages, with one campaign in March impacting more than 400 software artifacts . In a more recent attack, Glassworm operators planted dozens of dormant…

May 27, 2026 · Ionut Ilascu

bleepingcomputer.com › news › security

Leaked Shai-Hulud malware fuels new npm infostealer campaign

…The malware emerged on GitHub last week, with a message allegedly from TeamPCP saying "Here We Go Again - Let the Carnage Continue. A Gift from TeamPCP." The chalk-tempalte package appears to…

May 18, 2026 · Bill Toulas

bleepingcomputer.com › news › security

New IronWorm malware hits 36 packages in npm supply-chain attack

…This behavior is conceptually similar to Shai Hulud , which had its code published on GitHub recently. Although JFrog researchers did not find a clear connection between IronWorm and Shai Hulud, they observed…

Jun 4, 2026 · Bill Toulas

bleepingcomputer.com › news › apple

Apple blocked over $11 billion in App Store fraud in 6 years

…How to Spot it Before it Empties Your Wallet Ukraine identifies infostealer operator tied to 28,000 stolen accounts GitHub investigates internal repositories breach claimed by TeamPCP Microsoft blames macOS update for…

May 21, 2026 · Sergiu Gatlan

bleepingcomputer.com › news › security

Over 116,000 Mincraft systems infected in WeedHack malware campaign

…McAfee explains that many of those projects do not have official websites, only GitHub pages. In one case highlighted in the report, the malicious website displays a security notice warning visitors that…

Jun 2, 2026 · Bill Toulas

bleepingcomputer.com › news › security

Over 116,000 Minecraft systems infected in WeedHack malware campaign

…McAfee explains that many of those projects do not have official websites, only GitHub pages. In one case highlighted in the report, the malicious website displays a security notice warning visitors that…

Jun 2, 2026 · Bill Toulas