top of page
ALL POSTS
Critical Miasma Worm Campaign Targets Microsoft and Red Hat in Expanding Supply Chain Attack Wave
Key Findings Miasma worm infected 73 Microsoft GitHub repositories across Azure, Azure-Samples, Microsoft, and MicrosoftDocs organizations, forcing GitHub to disable access Attack represents re-compromise of previously infected "durabletask" PyPI package, suggesting threat actors maintained persistent access for over a month Miasma operates as self-replicating malware variant of Mini Shai-Hulud worm, exploiting the trust model of package registries rather than technical vulne
Jun 64 min read
PCPJack Cloud Worm: Exploiting 5 CVEs to Steal Credentials and Spread Across Systems
Key Findings PCPJack is a credential theft framework targeting exposed cloud infrastructure across Docker, Kubernetes, Redis, MongoDB, and RayML The malware exploits five CVEs (CVE-2025-55182, CVE-2025-29927, CVE-2026-1357, CVE-2025-9501, CVE-2025-48703) to spread worm-like across networks PCPJack actively removes TeamPCP artifacts from compromised systems, suggesting possible connection to former TeamPCP members Stolen credentials are exfiltrated via Telegram and include acc
May 73 min read
Supply Chain Worm Spreads Through npm Packages to Steal Developer Authentication Tokens
Key Findings Self-propagating worm dubbed CanisterSprawl detected in six npm packages, spreading via stolen developer credentials Malware executes during package installation to harvest npm tokens, SSH keys, cloud credentials, and browser data Stolen tokens enable attackers to push poisoned package versions, creating a self-replicating supply chain attack Exfiltration occurs through HTTPS webhook and ICP canister infrastructure designed to resist takedowns Campaign includes c
Apr 223 min read
Wormable XMRig Campaign Leverages BYOVD and Timed Kill Switch for Stealth
Key Findings Wormable cryptojacking campaign spreads through pirated software installers Uses BYOVD (Bring Your Own Vulnerable Driver) technique to gain kernel-level access and boost mining performance Includes a time-based "kill switch" set to December 23, 2025, triggering a controlled cleanup routine Exhibits worm-like capabilities, spreading across external storage devices for lateral movement Modular design separates monitoring features from mining, persistence, and privi
Feb 232 min read
bottom of page
