Topic

#Malware

16 articles on Malware — news, releases, guides and analysis from the SourceFeed engine.

Beyond Code: How StegoAd Hid Malware in Fonts and Images

Microsoft's removal of 119 Edge extensions exposes how threat actors bypass static analysis by weaponizing ordinary asset files.

Emeka Okafor

Node.js as a Portable Attack Vector in Phishing Campaigns

Attackers are dropping standalone Node.js runtimes into user space to bypass security controls and run persistent implants.

Article · 3d ago0

Miasma Proves Trusted Publishing Can Backfire Spectacularly

The self-propagating Miasma worm exploits GitHub Actions OIDC and phantom build files to turn security standards against developers.

Article · 3d ago0

The AUR Namespace Trap: Lessons from the Atomic Arch Attacks

The recent compromise of over 1,500 AUR packages exposes the structural danger of flat namespaces in developer-focused package repositories.

Article · 1w ago5

North Korean Hackers Poison Mastra AI in npm Attack

The compromise of the Mastra AI framework exposes critical gaps between CI/CD provenance and registry-level publish permissions.

Article · 1w ago1

The GitHub Clone Farm That Beat VirusTotal

A 10,000-repo Trojan campaign weaponizes GitHub's trust signals, search ranking and commit history — and the next mark is your AI agent.

Article · 1w ago2

Steam Workshop Wallpapers Exploited to Run Malicious Binaries

Attackers leverage Wallpaper Engine's application feature to execute backdoors and hijack active user sessions.

Article · 1w ago5

How a Fake LinkedIn Job Offer Delivered a Node Backdoor

Attackers are using stolen identities and malicious npm lifecycle scripts to target developers during the recruitment process.

Article · 2w ago4

Arch's AUR Malware Sprawl Hits 1,579 Packages

A user-repository compromise that started at 400 packages ballooned past 1,500 before Arch developers purged the malicious commits.

News · 2w ago6

AUR Supply Chain Attack Delivers eBPF Rootkit and Infostealer

A spoofed maintainer adopted over 400 Arch User Repository packages, injecting preinstall scripts that fetch malicious NPM payloads.

News · 2w ago0

Inside 'The Gentlemen' Ransomware: TTPs, AI, and Network Hardening

Understand the technical tactics of this rapidly expanding RaaS group to defend your edge devices and Active Directory.

Article · 2w ago2

Microsoft Pulls Dozens of GitHub Repos After Supply-Chain Malware Targets AI Coders' Credentials

Hackers slipped password-stealing code into Microsoft open-source projects tied to Azure and AI coding workflows. Here's the attack vector — and what to audit in your own pipeline.

News · 2w ago5

Miasma Worm Hits Microsoft Packages Twice in Weeks — and Your SLSA Provenance Won't Save You

The Miasma credential stealer has now compromised the same Microsoft GitHub account twice, defeating cryptographic supply-chain guarantees and triggering silently when developers open packages in AI coding agents.

Article · 2w ago1

uv Gets Built-In Vulnerability and Malware Scanning

Astral's uv package manager adds `uv audit` and optional install-time malware checks powered by OSV, closing supply-chain gaps that separate tooling can't easily address.

News · 3w ago1

Config Files That Run Code: The Supply Chain Blind Spot Nobody Is Auditing

The Miasma worm didn't need a malicious dependency. It used .claude/settings.json, .vscode/tasks.json, and package.json to detonate a credential stealer — before you read a single line of code.

Article · 3w ago0

Config Files That Run Code: The Supply Chain Blindspot You're Probably Not Auditing

The Miasma worm hid a credential-stealing dropper inside ordinary config files for VS Code, Cursor, Claude Code, Gemini CLI, npm, Composer, and Bundler. Here's exactly how each vector works — and what to review before you clone.

Article · 3w ago0