七月07 forge-jsxy:不斷更改名稱的 npm 資訊竊取工具 發表於16:16h in 攻擊分析, 必讀, 機密安全 by Xygeni 安全團隊 0 個評論 Uncover the details of The 24712-pl Campaign and the zero-dependency packages exploited during a security incident.... 閱讀更多
七月06 GhostTracker:一個 npm 木馬程序,在被查封後數小時內就重新命名,並且保留了相同的 C2 伺服器。 發表於10:14h in 攻擊分析, 必讀, 機密安全 by Xygeni 安全團隊 0 個評論 Uncover the details of The 24712-pl Campaign and the zero-dependency packages exploited during a security incident.... 閱讀更多
七月03 SkillLeak:透過 MCP 技能提供的瀏覽器憑證解密器 發表於08:52h in 攻擊分析, 必讀, 機密安全 by Xygeni 安全團隊 0 個評論 Uncover the details of The 24712-pl Campaign and the zero-dependency packages exploited during a security incident.... 閱讀更多
30軍 DeviceDoor:一個公開的 npm 包,提供 Microsoft 365 裝置程式碼網路釣魚和大量郵件框架 發表於14:41h in 攻擊分析, 必讀, 機密安全 by Xygeni 安全團隊 0 個評論 Uncover the details of The 24712-pl Campaign and the zero-dependency packages exploited during a security incident.... 閱讀更多
22軍 CryptoDAO 混亂:十一個 npm 包,一個有效載荷,收割 CI/CD 以及加密錢包金鑰 發表於11:05h in 攻擊分析, 必讀, 機密安全 by Xygeni 安全團隊 0 個評論 Uncover the details of The 24712-pl Campaign and the zero-dependency packages exploited during a security incident.... 閱讀更多
22軍 權限單:npm「授權研究」的掩護故事隱藏了雲端元資料探測和系統持久性 發表於09:55h in 攻擊分析, 必讀, 機密安全 by Xygeni 安全團隊 0 個評論 Uncover the details of The 24712-pl Campaign and the zero-dependency packages exploited during a security incident.... 閱讀更多
12軍 外質:npm 安裝 hooks 僅透過容器觸發器收集 AWS 憑證 發表於12:15h in 攻擊分析, 必讀, 機密安全 by Xygeni 安全團隊 0 個評論 Uncover the details of The 24712-pl Campaign and the zero-dependency packages exploited during a security incident.... 閱讀更多
09軍 SeedSweep:十個只在無人監控時運行的加密貨幣主題 npm 包 發表於11:12h in 攻擊分析, 必讀, 機密安全 by Xygeni 安全團隊 0 個評論 Uncover the details of The 24712-pl Campaign and the zero-dependency packages exploited during a security incident.... 閱讀更多
05軍 PairLoop:一個 npm 套件,七十個版本,以及一個隱藏的 Windows 遠端控制面板 發表於11:48h in 攻擊分析, 必讀, 機密安全 by Xygeni 安全團隊 0 個評論 Uncover the details of The 24712-pl Campaign and the zero-dependency packages exploited during a security incident.... 閱讀更多
04軍 ConsentMask: An npm Package That Wears a Telemetry Consent Banner Over Developer-Identity Harvesting 發表於12:00h in 攻擊分析, 必讀, 機密安全 by Xygeni 安全團隊 0 個評論 Uncover the details of The 24712-pl Campaign and the zero-dependency packages exploited during a security incident.... 閱讀更多
五月29 JulesJacker: A Fake-PoC npm Worm That Impersonates Google’s Jules Agent — and Turns on the Sandbox Analyzing It 發表於11:58h in 攻擊分析, 必讀, 機密安全 by Xygeni 安全團隊 0 個評論 Uncover the details of The 24712-pl Campaign and the zero-dependency packages exploited during a security incident.... 閱讀更多
五月22 RuntimeBroker: an npm Typosquat Plants a 40-Chain Crypto-Clipper as a Cross-OS \”System Runtime Helper”\ 發表於12:52h in 攻擊分析, 必讀, 機密安全 by Xygeni 安全團隊 0 個評論 Uncover the details of The 24712-pl Campaign and the zero-dependency packages exploited during a security incident.... 閱讀更多