All CosmicBytez Labs articles tagged #Worm, across news, security advisories, how-to guides, and projects.
This week's threat intelligence roundup covers a supply chain attack kit posted publicly, a $5,000-per-month RAT that clones browser sessions, AI agents...
The Miasma credential-stealing worm framework was briefly open-sourced on GitHub before removal, potentially enabling copycat attacks against open-source...
Microsoft's GitHub presence has become the latest target of the self-replicating Miasma supply chain worm, with 73 repositories across Azure, Azure-Samples…
A new Mini Shai-Hulud supply chain campaign codenamed Miasma has compromised Red Hat's @redhat-cloud-services npm packages, deploying a self-propagating…
TeamPCP's Shai-Hulud worm inflicted serious damage on the open source ecosystem — but a close look at their operations raises the question of whether their.
Cybersecurity researchers have discovered a fresh Mini Shai-Hulud supply chain attack compromising the @antv npm ecosystem through a hijacked maintainer...
The public release of the Shai-Hulud worm source code by TeamPCP has triggered a wave of copycat variants appearing across the npm ecosystem. Security...
TeamPCP has expanded its supply chain attack campaign with a fresh Mini Shai-Hulud worm that compromised npm and PyPI packages from TanStack, UiPath,...
Hundreds of npm packages in the TanStack open source ecosystem have been infected by a fresh wave of Mini Shai-Hulud worm activity from TeamPCP — the same...
The Trivy supply chain attack has expanded dramatically beyond GitHub Actions: malicious Docker Hub images (versions 0.69.4–0.69.6) carry an infostealer,...