Malicious ClawHub Skills Compromise AI Agents With Hidden Backdoors — 247,000 Installs, $2.3M Stolen
Researchers scanning 50,000 ClawHub skills — the official marketplace for the OpenClaw AI agent platform — found working remote control backdoors, credential stealers, and autonomous malware that installs...
LokiBot Returns: Multi-Stage JScript Campaign Uses Process Injection to Steal Credentials
LokiBot, the decade-old credential stealer, has resurfaced with a sophisticated multi-stage attack chain: a JScript email dropper, in-memory .NET injection, and process hollowing inside aspnet_compiler.exe to silently harvest...
Shai-Hulud Malware Expands to npm Ecosystem, Stealing Cloud and CI/CD Credentials From Developers
A credential-stealing malware campaign known as Shai-Hulud has expanded to target developers using the Leo/RStreams npm package ecosystem, harvesting GitHub tokens, cloud access keys, CI/CD secrets, and SSH...
Supply Chain Attack Compromises 140+ Mastra npm Packages, Targeting Developer Credentials and Crypto Wallets
A sophisticated supply chain attack has compromised over 141 packages in the Mastra-AI npm ecosystem, including @mastra/core which sees 918,000 weekly downloads. Detected on June 17, 2026, the...
JS.MonoGlyphRAT: Stealthy New Malware Hidden in Fake Purchase Orders Targets US Enterprises
A previously unknown remote access trojan called JS.MonoGlyphRAT is spreading through US businesses disguised as routine purchase orders and business quotes. It evades all major antivirus tools by...
Operation SilentCanvas: Hackers Hide PowerShell Malware in Fake JPEG to Deploy Trojanized ScreenConnect Backdoor
Operation SilentCanvas is a new Windows attack campaign that hides a PowerShell script inside a fake JPEG file to deploy a trojanized ScreenConnect backdoor. The multi-stage infection chain...
TCLBANKER Banking Trojan Spreads Through Self-Replicating WhatsApp and Outlook Worm Modules
A highly sophisticated Brazilian banking trojan called TCLBANKER (campaign REF3076) has been uncovered by Elastic Security Labs. The malware uses a legitimate signed Logitech installer via DLL side-loading,...
Lazarus Group Targets macOS Users With Sophisticated “Mach-O Man” Four-Stage Malware Kit
North Korea's Lazarus Group has deployed a new modular macOS malware kit called "Mach-O Man" targeting fintech executives and crypto developers. The attack uses ClickFix social engineering to...