Latest news

Malicious npm Package forge-jsxy Pushes 22 Versions in 22 Days to Steal Crypto Wallets and Deploy Persistent Backdoor
Malware

29 May 2026 dark6

The npm package forge-jsxy quietly stole cryptocurrency wallet keys, browser credentials, and developer data across Windows, macOS, and Linux —...
Grandoreiro Banking Trojan Returns: Targeting Portuguese Banks and Latin American Companies With Dual Campaigns
Malware

29 May 2026 dark6

The long-running Grandoreiro banking trojan has resurfaced with two active campaigns — one using DLL Side-Loading via cloud infrastructure and...
Hackers Use Fake ChatGPT and Claude Installers to Deploy DinDoor Backdoor
Malware

29 May 2026 dark6

Cybercriminals are distributing trojanized AI application installers on GitHub and SourceForge, luring victims with fake ChatGPT and Claude desktop apps...
Void Botnet Routes Commands Through Ethereum Smart Contracts to Evade Law Enforcement Takedowns
Malware

27 May 2026 dark6

A new Rust-based botnet sold on cybercrime forums uses Ethereum smart contracts as its command-and-control channel, making traditional infrastructure takedowns...
Cloud Atlas APT Patches termsrv.dll to Enable Silent Dual RDP Sessions — Targets Government and Diplomatic Organizations
Malware

26 May 2026 dark6

The Cloud Atlas APT group has adopted a stealthy new technique: modifying Windows termsrv.dll to enable multiple simultaneous RDP sessions,...
Megalodon Campaign Backdoors 5,500+ GitHub Repositories in Six-Hour CI/CD Blitz
Malware

25 May 2026 dark6

The automated "Megalodon" attack campaign pushed malicious CI/CD backdoors into 5,561 GitHub repositories within 6 hours on May 18, 2026,...
Supply Chain Attack Backdoors 233 Laravel-Lang Package Versions Across 700 GitHub Repositories
Malware

25 May 2026 dark6

Attackers exploited GitHub's tagging system to inject credential-stealing PHP backdoors into 233 versions of Laravel-Lang packages, silently targeting developer cloud...
art-template npm Package Backdoored to Deliver iOS Browser Exploit Kit via Supply Chain Attack
Malware

24 May 2026 dark6

Attackers hijacked the widely-used art-template npm library by taking over its maintenance, then injected a sophisticated iOS browser exploit kit...
DevilNFC: New Android Malware Traps Victims in Kiosk Mode During NFC Card Relay Attacks
Malware

21 May 2026 dark6

DevilNFC is a new Android malware that combines NFC relay attacks with Android Kiosk Mode to trap victims inside a...
Void Botnet Weaponizes Ethereum Smart Contracts for Seizure-Proof Command-and-Control Infrastructure
Malware

21 May 2026 dark6

The Void Botnet uses Ethereum smart contracts as a seizure-resistant C2 channel, making traditional law enforcement takedowns impossible. Sold on...
Gremlin Stealer Evolves: New Variant Hides C2 URLs in Encrypted Resources and Adds Discord Token Theft
Malware

21 May 2026 dark6

A newly analyzed Gremlin stealer variant hides C2 URLs inside XOR-encrypted .NET resource sections, making it invisible to static scanners....
Four Malicious npm Packages Steal SSH Keys, Cloud Credentials, and Crypto Wallets in Coordinated Supply Chain Attack
Malware

19 May 2026 dark6

Four malicious npm packages have been discovered stealing SSH keys, cloud credentials, cryptocurrency wallets, and environment variables, with one variant...