28.
Compromised npm packages abuse Hugging Face as exfil infrastructure
Malicious npm packages deployed a RAT that captured keystrokes, screenshots, and wallet credentials while using Hugging Face repositories as infrastructure
@vxunderground on Backlist
5 appearances on the backlist front page in the last 30 days.
16.
Steam can be relaunched as a debuggable Chromium app
Launching Steam with Chromium debugging enabled allows JavaScript injection through the webSocketDebuggingUrl interface
71.
Someone on social media was bragging they got a CSAM website taken offline. They illustrated this by showing a Cl…
Someone on social media was bragging they got a CSAM website taken offline. They illustrated this by showing a CloudFlare report. The report shows the domain this person reported. CloudFlare clearly states it is being investigated, forward
3.
TrapDoor supply-chain attack hits npm, PyPI, and Crates.io
TrapDoor shows active attackers coordinating malicious releases across npm, PyPI, and Crates.io rather than targeting a single package ecosystem
10.
vx-underground adds roughly 200k malware samples (t.co)
A large public malware archive gives defenders, researchers, and tooling authors more real samples to test against instead of relying on toy datasets