Secure Bulletin Navigating the cyber sea with knowledge
Home > Tag > malware
#malware

Malicious ClawHub Skills Compromise AI Agents With Hidden Backdoors — 247,000 Installs, $2.3M Stolen

30 June 2026  |  dark6  |  Malware

Researchers scanning 50,000 ClawHub skills — the official marketplace for the OpenClaw AI agent platform — found working remote control backdoors, credential stealers, and autonomous malware that installs...

>> read more

LokiBot Returns: Multi-Stage JScript Campaign Uses Process Injection to Steal Credentials

29 June 2026  |  dark6  |  Malware

LokiBot, the decade-old credential stealer, has resurfaced with a sophisticated multi-stage attack chain: a JScript email dropper, in-memory .NET injection, and process hollowing inside aspnet_compiler.exe to silently harvest...

>> read more

Shai-Hulud Malware Expands to npm Ecosystem, Stealing Cloud and CI/CD Credentials From Developers

26 June 2026  |  dark6  |  Malware

A credential-stealing malware campaign known as Shai-Hulud has expanded to target developers using the Leo/RStreams npm package ecosystem, harvesting GitHub tokens, cloud access keys, CI/CD secrets, and SSH...

>> read more

Supply Chain Attack Compromises 140+ Mastra npm Packages, Targeting Developer Credentials and Crypto Wallets

18 June 2026  |  dark6  |  Malware

A sophisticated supply chain attack has compromised over 141 packages in the Mastra-AI npm ecosystem, including @mastra/core which sees 918,000 weekly downloads. Detected on June 17, 2026, the...

>> read more

JS.MonoGlyphRAT: Stealthy New Malware Hidden in Fake Purchase Orders Targets US Enterprises

8 June 2026  |  dark6  |  Malware

A previously unknown remote access trojan called JS.MonoGlyphRAT is spreading through US businesses disguised as routine purchase orders and business quotes. It evades all major antivirus tools by...

>> read more

Operation SilentCanvas: Hackers Hide PowerShell Malware in Fake JPEG to Deploy Trojanized ScreenConnect Backdoor

12 May 2026  |  dark6  |  Malware

Operation SilentCanvas is a new Windows attack campaign that hides a PowerShell script inside a fake JPEG file to deploy a trojanized ScreenConnect backdoor. The multi-stage infection chain...

>> read more

TCLBANKER Banking Trojan Spreads Through Self-Replicating WhatsApp and Outlook Worm Modules

11 May 2026  |  dark6  |  Malware

A highly sophisticated Brazilian banking trojan called TCLBANKER (campaign REF3076) has been uncovered by Elastic Security Labs. The malware uses a legitimate signed Logitech installer via DLL side-loading,...

>> read more

Lazarus Group Targets macOS Users With Sophisticated “Mach-O Man” Four-Stage Malware Kit

30 April 2026  |  dark6  |  Malware

North Korea's Lazarus Group has deployed a new modular macOS malware kit called "Mach-O Man" targeting fintech executives and crypto developers. The attack uses ClickFix social engineering to...

>> read more