Developer-targeted C2 backdoor infiltration and asset theft via more than 250 fake job offers
Norks blast 250+ fake job offers to developers over 6 weeks to try and snarf creds and crypto
The Bot That Never Was
Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week
Megalodon chums the waters in 5.5K+ GitHub repo poisonings
GitHub says internal repos exfiltrated after poisoned VS Code extension attack
Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise
PREDICTION-20260422-0001: status-in-transgressive-subculture [2026-Q3 through 2027-Q1]
Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub
Cache-poisoning caper turns TanStack npm packages toxic
Ongoing supply-chain attack 'explicitly targeting' security, dev tools
Agents hooked into GitHub can steal creds – but Anthropic, Google, and Microsoft haven't warned users
I watched Shai Hulud steal credentials from teams running npm audit. Here's the gap nobody talks about.
The litellm 1.82.8 package on PyPI abuses the automatic execution of .pth files to steal all credentials, including API keys, SSH keys, and cloud tokens
LiteLLM loses game of Trivy pursuit, gets compromised
LiteLLM Python package compromised by supply-chain attack