Es gab mal wieder ein Problem mit einem npm Paket dessen maintainer gehackt wurde. Das Paket hat dann direkt angefangen einen Trojaner zu Persistieren.

Axion heißt das Paket soweit ich informiert bin (aktuell).

Hat da jemand Informationen zu und/oder zahlen?
Auch das wie ist hier extrem interessant aktuell.
Danke.

#npm #infosec #malware #hacked

TeamPCP software supply chain attack spreads to LiteLLM | ReversingLabs

reversinglabs.com/blog/teampcp…

Short summary: hackerworkspace.com/article/te…

#malware #databreach #cybersecurity

TeamPCP supply chain attack spreads

What started as a compromise of Checkmarx Open VSX plugins on npm has now spread to PyPI and is targeting LiteLLM.

^{Paul Roberts (ReversingLabs)}

TeamPCP injected malicious code into Trivy, Checkmarx tools, and LiteLLM in a supply chain attack designed to steal cloud credentials, tokens, and crypto wallet data.

Read: hackread.com/teampcp-trivy-che…

#CyberSecurity #Malware #TeamPCP #Trivy #Checkmarx #LiteLLM

TeamPCP Hits Trivy, Checkmarx, and LiteLLM in Credential Theft Campaign

Hackers compromised Trivy, Checkmarx, and LiteLLM in a supply chain attack, stealing cloud credentials, tokens, and crypto wallet data from developers.

^{Deeba Ahmed (Hackread - Cybersecurity News, Data Breaches, AI and More)}

RE: aus.social/@decryption/1162384…

Really clever malware taking advantage of the fact that everyone is trying to block slop trainers, so you see cloudflare messages more and more frequently.

Check out the full thread for how it works.

Be careful folx!

#LLMs #AI #Malware #Slop #SlopCity #Cloudflare

decryption (@decryption@aus.social)

Attached: 1 image well that's a new one from cloudflare - i didn't wanna see that website this badly

^{decryption (Aus.Social)}