36 Malicious npm Packages Deploy Redis and PostgreSQL Persistent Implants
Key Findings
- 36 malicious npm packages masquerading as Strapi CMS plugins uploaded by four sock puppet accounts over 13 hours
- Eight distinct payload variants reveal real-time attack development against a specific target
- Exploitation chain includes Redis RCE, PostgreSQL database theft, Docker container escape, and persistent C2 implants
- Packages target cryptocurrency platform infrastructure with hardcoded database credentials and wallet-specific data harvesting
- Postinstall scr
Apr 5 · 4 min read
PromptSpy: The Android Malware that Leverages Gemini AI for Persistent Access
Key Findings:
- PromptSpy is the first known Android malware to abuse Google's Gemini AI to maintain persistence on infected devices
- It can capture lockscreen data, block uninstallation attempts, collect device information, take screenshots, and record screen activity as video
- The malware leverages Gemini AI to analyze the current screen and provide it with step-by-step instructions on how to remain pinned in the recent apps list, preventing easy removal
Background
ESET researc
Feb 20 · 2 min read
