Geek-Guy.com

Tag: package

AI, Compliance, Cybersecurity, Exploits, Global Security News, malware, Risk Management

Attack targeting OpenAI Codex users exposes AI software supply chain risks

A malicious npm package posing as a remote user interface for OpenAI Codex exfiltrated developer authentication tokens, after attackers allegedly published code to npm that was not visible in the project’s public GitHub repository. Researchers at Aikido said the package, called codexui-android, appeared to offer legitimate functionality while collecting authentication tokens and sending them to…

Read more →

AI, Cybersecurity, Global Security News

Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets

Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil’s largest cooperative financial systems, to siphon client IDs and PFX certificates. According to Socket, versions 2.0.0 through 2.0.4 of “Sicoob.Sdk” contain functionality to exfiltrate sensitive information, including PFX certificates that are used to

Read more →

AI, Cybersecurity, Global Security News

Malicious npm Package Stole Files From Claude AI User Directory via GitHub

Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities. According to OX Security, the package, named “mouse5212-super-formatter,” is designed to upload files from “/mnt/user-data,” a dedicated directory used by Anthropic’s Claude artificial intelligence (AI) tool to handle uploads and outputs in the background. The

Read more →

AI, Cybersecurity, Endpoint, Global Security News, malware, Network Security

TrapDoor malware campaign puts developer workstations in CISO spotlight

A malicious package campaign across npm, PyPI, and Crates.io has put developer workstations back under scrutiny, after researchers said it targeted developer workflows and AI coding assistant files. Researchers at Socket said the campaign, which they are tracking as TrapDoor, “spans more than 34 malicious packages and 384+ related versions and artifacts” across the three…

Read more →

AI, Data Breaches, Endpoint, Exploits, Global Security News, malware

TeamPCP Supply Chain Campaign: Activity Through 2026-05-24, (Mon, May 25th)

TeamPCP now operates across three package ecosystems in parallel, it reached GitHub’s own internal codebase, it trojanized an officially Microsoft-published Python SDK, and it appears to have open-sourced its own framework on GitHub. Bottom line up front Three escalations stacked inside a single week. First, GitHub’s CISO Alexis Wales publicly named a malicious Nx Console…

Read more →

AI, Data Breaches, Endpoint, Exploits, Global Security News, malware

TeamPCP Supply Chain Campaign: Activity Through 2026-05-24, (Mon, May 25th)

TeamPCP now operates across three package ecosystems in parallel, it reached GitHub’s own internal codebase, it trojanized an officially Microsoft-published Python SDK, and it appears to have open-sourced its own framework on GitHub. Bottom line up front Three escalations stacked inside a single week. First, GitHub’s CISO Alexis Wales publicly named a malicious Nx Console…

Read more →

AI, Apps, Europe, Exploits, Global Security News, malware

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, this time targeting the widely-used AntV enterprise data visualization tool. Unlike last week’s high-profile npm attack on TanStack, which exploited a complex GitHub Actions cache poisoning weakness, the latest incident early on May 19 took the more conventional…

Read more →

AI, Apps, Global Security News, malware, Network Security, Russia

Expired domain leads to supply chain attack on node-ipc npm package

A popular npm package called node-ipc has been compromised, with hackers publishing malicious versions that bundle credential stealing malware. The root cause of the compromise was an expired domain name that attackers managed to register in order to hijack a maintainer’s account. The node-ipc package has had malware added to its code in the past.…

Read more →

AI, Apps, Exploits, Global Security News, Network Security, Risk Management

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code to escape the container and do nasty things to IT environments. As a result, developers using this library in their applications are urged to update the software to the latest version, which is currently 3.11.2. The warnings…

Read more →

Cybersecurity, Global Security News, malware

PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems. “While these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files,” Kaspersky 

Read more →

Global Security News

Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

Google has addressed a maximum severity security flaw in Gemini CLI — the “@google/gemini-cli” npm package and the “google-github-actions/run-gemini-cli” GitHub Actions workflow — that could have allowed attackers to execute arbitrary commands on host systems. “The vulnerability allowed an unprivileged external attacker to force their own malicious content to load as Gemini configuration,”

Read more →

Cybersecurity, Global Security News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project by Anthropic’s Claude Opus large language model (LLM). The package in question is “@validate-sdk/v2,” which is listed on npm as a utility software development kit (SDK) for hashing, validation, encoding/decoding, and secure random generation. However,…

Read more →

AI, Global Security News

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored their social engineering efforts “specifically to me” by first approaching him under the guise of the founder of…

Read more →

AI, Apps, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management

Axios npm Attack Deploys Cross-Platform RAT

A brief compromise of the popular Axios npm package shows how quickly a trusted dependency can become a widespread threat.  Attackers hijacked a maintainer account and published malicious versions that silently installed a remote access trojan (RAT) during routine package installs, putting developer environments and CI/CD pipelines at risk. “While traditional risks like manual dependency…

Read more →

AI, Apps, Exploits, Global Security News, Risk Management

ENISA Technical Advisory on Secure Package Managers: Essential DevSecOps Guidance

ENISA’s first Technical Advisory on Secure Package Managers helps developers safely use third-party packages. ENISA has released its first Technical Advisory on Package Managers, focusing on how developers can safely consume third-party packages. The document (March 2026, v1.1) follows public feedback incorporating 15 contributions from stakeholders, experts, and the open-source community. “This document focuses on…

Read more →

AI, Apps, Data Breaches, Endpoint, Global Security News, malware, Network Security, Risk Management

Fake OpenClaw npm Package Installs GhostClaw Malware

A malicious npm package is targeting developers by posing as a legitimate command-line tool while secretly deploying an infostealer and a remote access trojan (RAT).  The package, @openclaw-ai/openclawai, masquerades as an OpenClaw Installer utility but instead initiates a multi-stage malware operation.  Once executed, it attempts to steal credentials, cryptocurrency wallets, SSH keys, browser data, and…

Read more →

AI, Apps, Global Security News, malware

Devs looking for OpenClaw get served a GhostClaw RAT

A malicious npm package posing as an OpenClaw Installer has been caught deploying a remote access trojan (RAT) on victim machines, according to new JFrog research. The package, published under the name “@openclaw-ai/openclawai”, pretends to be an installer for the legitimate CLI tool but instead launches a multi-stage infection chain that steals system credentials, browser…

Read more →

AI, Cybersecurity, Global Security News

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from compromised hosts. The package, named “@openclaw-ai/openclawai,” was uploaded to the registry by a user named “openclaw-ai” on March 3, 2026. It has been downloaded 178 times to date. The…

Read more →

AI, Cybersecurity, Funding, Global Security News

Congress looks to revive critical cyber program for rural electric utilities

The House Energy and Commerce committee unanimously passed a package of bipartisan cybersecurity bills Thursday targeting the energy sector, including legislation that would reauthorize and fund a critical federal cybersecurity assistance program for rural electric utilities across the country. The Rural and Municipal Utility Cybersecurity Act, introduced by Reps. Mariannette Miller-Meeks, R-Iowa, and Jennifer McClellan,…

Read more →

AI, Global Security News, Risk Management

New Malicious npm Package Highlights the Speed at Which Supply Chain Risks Propagate

GUEST RESEARCH:  Tenable Research investigated a malicious package in the npm public registry named “amber-src” that underscores the rapid nature of modern supply chain attacks. The package, which was downloaded approximately 50,000 times before its removal, was designed to mimic a popular package “ember-source”, to infect developers’ systems across Windows, macOS, and Linux.

Read more →

AI, Cybersecurity, Global Security News

Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens

Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library from financial services firm Stripe in an attempt to target the financial sector. The package, codenamed StripeApi.Net, attempts to masquerade as Stripe.net, a legitimate library from Stripe that has over 75 million downloads. It was uploaded by…

Read more →

AI, Cybersecurity, Global Security News

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group. The coordinated campaign has been codenamed graphalgo in reference to the first package published in the npm registry. It’s assessed to be active…

Read more →

AI, Data Security, Global Security News, malware, Network Security, privacy, text scam, texting scam, Webroot Blog

Mobile security matters: Protecting your phone from text scams

It all starts so innocently. You get a text saying “Your package couldn’t be delivered. Click here to reschedule.”  Little do you know, clicking that link could open the door for scammers to steal your identity, empty your bank account, or even plant malicious software (malware) on your device. Unless you know what to look out…

Read more →

AI, Data Security, Global Security News, malware, Network Security, privacy, text scam, texting scam, Webroot Blog

Mobile security matters: Protecting your phone from text scams

It all starts so innocently. You get a text saying “Your package couldn’t be delivered. Click here to reschedule.”  Little do you know, clicking that link could open the door for scammers to steal your identity, empty your bank account, or even plant malicious software (malware) on your device. Unless you know what to look out…

Read more →

AI, Data Security, Global Security News, malware, Network Security, privacy, text scam, texting scam, Webroot Blog

Mobile security matters: Protecting your phone from text scams

It all starts so innocently. You get a text saying “Your package couldn’t be delivered. Click here to reschedule.”  Little do you know, clicking that link could open the door for scammers to steal your identity, empty your bank account, or even plant malicious software (malware) on your device. Unless you know what to look out…

Read more →

AI, Data Security, Global Security News, malware, Network Security, privacy, text scam, texting scam, Webroot Blog

Mobile security matters: Protecting your phone from text scams

It all starts so innocently. You get a text saying “Your package couldn’t be delivered. Click here to reschedule.”  Little do you know, clicking that link could open the door for scammers to steal your identity, empty your bank account, or even plant malicious software (malware) on your device. Unless you know what to look out…

Read more →

AI, Data Security, Global Security News, malware, Network Security, privacy, text scam, texting scam, Webroot Blog

Mobile security matters: Protecting your phone from text scams

It all starts so innocently. You get a text saying “Your package couldn’t be delivered. Click here to reschedule.”  Little do you know, clicking that link could open the door for scammers to steal your identity, empty your bank account, or even plant malicious software (malware) on your device. Unless you know what to look out…

Read more →

AI, Data Security, Global Security News, malware, Network Security, privacy, text scam, texting scam, Webroot Blog

Mobile security matters: Protecting your phone from text scams

It all starts so innocently. You get a text saying “Your package couldn’t be delivered. Click here to reschedule.”  Little do you know, clicking that link could open the door for scammers to steal your identity, empty your bank account, or even plant malicious software (malware) on your device. Unless you know what to look out…

Read more →

AI, Data Security, Global Security News, malware, Network Security, privacy, text scam, texting scam, Webroot Blog

Mobile security matters: Protecting your phone from text scams

It all starts so innocently. You get a text saying “Your package couldn’t be delivered. Click here to reschedule.”  Little do you know, clicking that link could open the door for scammers to steal your identity, empty your bank account, or even plant malicious software (malware) on your device. Unless you know what to look out…

Read more →