SecurityWeek

Aeternum Botnet Loader Employs Polygon Blockchain C&C to Boost Resilience

Aeternum C2, a native C++ botnet loader, operates on smart contracts on the Polygon blockchain, increasing its resilience.
The Hacker News

Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware

While the Windows maker did not attribute the activity to a specific threat actor, the use of VS Code tasks and Vercel ...
IEEE

My Model is Malware to You: Transforming AI Models into Malware by Abusing TensorFlow APIs

Abstract: The rapid advancement of AI technologies has significantly increased the demand for AI models across various industries. While model sharing reduces costs and fosters innovation, it also ...

Chainguard Customers Have 94% Python Ecosystem Coverage for Their Environments

Chainguard, the trusted source for open source, today announced it has expanded Chainguard Libraries coverage across Python, Java, and JavaScript, with customers seeing 94% coverage across the Python ...
InfoWorld

Google’s Android developer verification program draws pushback

In an open letter to Google and the Android developer community, Keep Android Open argues that the new policy threatens ...
Dark Reading

Malicious Next.js Repos Target Developers Via Fake Job Interviews

Linked to North Korean fake job-recruitment campaigns, the poisoned repositories are aimed at establishing persistent C2 ...
SecurityWeek

‘Arkanix Stealer’ Malware Disappears Shortly After Debut

The Arkanix Stealer malware can collect and exfiltrate system information, browser data, VPN information, and arbitrary files ...
CSO Online

Shai-Hulud-style NPM worm hits CI pipelines and AI coding tools

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a ...

ASD releases Azul open-source malware analysis tool

Sample files for Azul are kept in a Simple Storage Service (S3) compatible binary large object (blob) store, and processed ...
The Hacker News

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb

Researchers uncover wormable XMRig campaign using BYOVD exploit and LLM-built React2Shell attacks hitting 90+ hosts.

Russian hacker uses multiple AI tools to break hundreds of firewalls

A Russian hacker was recently seen brute-forcing their way into hundreds of firewalls - but what makes this campaign really stand out is the fact that the seemingly low-skilled threat actor was able ...