top of page
ALL POSTS
Mini Shai-Hulud Worm Supply Chain Attack Compromises Hundreds of Open-Source Packages
Key Findings TeamPCP threat actor behind sprawling supply chain attack targeting npm and PyPI packages across TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI Malware deploys obfuscated JavaScript credential stealer targeting cloud providers, crypto wallets, AI tools, CI systems, and messaging apps Data exfiltrated to attacker-controlled infrastructure using Session Protocol to evade detection Malware establishes persistence in VS Code and Claude Code IDEs, survive
May 133 min read
North Korean Threat Actors Exploit VS Code Task Automation for StoatWaffle Malware Deployment
Key Findings North Korean threat actors tracked as WaterPlum are distributing StoatWaffle malware through malicious VS Code projects using the "tasks.json" auto-run feature The malware automatically executes when any file in a project folder is opened, with downloads occurring regardless of operating system StoatWaffle includes a credential stealer targeting browsers and a remote access trojan for command execution Attackers are targeting senior engineers, CTOs, and founders
Mar 233 min read
bottom of page
