Search
1000 results for “alien”
-
TanStack npm Packages Compromised in Ongoing Supply-Chain Attack
Socket detected 84 compromised TanStack npm package artifacts modified with credential-stealing malware targeting CI systems, including GitHub Actions. Affected packages like @tanstack/react-router have over 12 million weekly downloads. The malicious versions contain router_init.js, a heavily obfuscated file with daemonization capabilities and environment variable access for GitHub Actions secrets. The compromise exploited GitHub Actions cache poisoning and pull_request_target patterns to extract OIDC tokens and authenticate malicious npm publishes through trusted-publisher bindings. The malware harvests credentials from GitHub Actions, AWS (IMDS, Secrets Manager, SSM), HashiCorp Vault, and Kubernetes, while establishing persistence in Claude Code and VS Code directories. Exfiltration occurs through Session's decentralized P2P network. The campaign includes self-propagation mechanisms that steal npm OIDC tokens and autonomously republish compromised packages. Updates indicate expansion to OpenSearch, Mistr...
Pulse ID: 6a033148e786c959261ff66f
Pulse Link: https://otx.alienvault.com/pulse/6a033148e786c959261ff66f
Pulse Author: AlienVault
Created: 2026-05-12 13:55:20Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AWS #CyberSecurity #ELF #GitHub #InfoSec #Malware #NPM #OTX #OpenThreatExchange #RAT #Rust #SMS #bot #AlienVault
-
Iran-Linked Hackers Breached Korean Electronics Maker in Global Spying Campaign
Iranian state-sponsored threat group Seedworm conducted a widespread espionage campaign in early 2026, compromising at least nine organizations across nine countries on four continents. Victims included a major South Korean electronics manufacturer, government agencies, an international airport in the Middle East, Southeast Asian industrial manufacturers, a Latin American financial services provider, and educational institutions. The attackers utilized DLL sideloading techniques with legitimately signed Fortemedia and SentinelOne binaries to execute malicious payloads, deployed Node.js-based implants for orchestration, and employed multiple PowerShell scripts for reconnaissance, credential theft, and privilege escalation. Data exfiltration was conducted through public file-transfer service sendit.sh to blend malicious traffic with legitimate cloud services. The campaign demonstrates Seedworm's evolved tradecraft and expanded targeting beyond traditional Middle Eastern focus areas.
Pulse ID: 6a033220a0063c7c2a4f1d8f
Pulse Link: https://otx.alienvault.com/pulse/6a033220a0063c7c2a4f1d8f
Pulse Author: AlienVault
Created: 2026-05-12 13:58:56Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Asia #Cloud #CyberSecurity #Education #Espionage #Government #ICS #InfoSec #Iran #Korea #LatinAmerica #MiddleEast #Nodejs #OTX #OpenThreatExchange #PowerShell #RAT #SeedWorm #SentinelOne #SideLoading #SouthKorea #Worm #bot #AlienVault
-
Beep Boop: Alien hates doing #selfPromo so made a bot to do it instead!
I love drawing dungeon maps & have #ttrpg modules, games, & bunches of free maps on Itch!
& I take map commissions too!
https://alien-sunset.itch.iocheck out https://alien-sunset.neocities.org for all the cool things I do!
-
Beep Boop: Alien hates doing #selfPromo so made a bot to do it instead!
I love drawing dungeon maps & have #ttrpg modules, games, & bunches of free maps on Itch!
& I take map commissions too!
https://alien-sunset.itch.iocheck out https://alien-sunset.neocities.org for all the cool things I do!
-
Beep Boop: Alien hates doing #selfPromo so made a bot to do it instead!
I love drawing dungeon maps & have #ttrpg modules, games, & bunches of free maps on Itch!
& I take map commissions too!
https://alien-sunset.itch.iocheck out https://alien-sunset.neocities.org for all the cool things I do!
-
Beep Boop: Alien hates doing #selfPromo so made a bot to do it instead!
I love drawing dungeon maps & have #ttrpg modules, games, & bunches of free maps on Itch!
& I take map commissions too!
https://alien-sunset.itch.iocheck out https://alien-sunset.neocities.org for all the cool things I do!
-
Beep Boop: Alien hates doing #selfPromo so made a bot to do it instead!
I love drawing dungeon maps & have #ttrpg modules, games, & bunches of free maps on Itch!
& I take map commissions too!
https://alien-sunset.itch.iocheck out https://alien-sunset.neocities.org for all the cool things I do!
-
"You were my everything"
-
Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America
Two distinct threat campaigns, SHADOW-AETHER-040 and SHADOW-AETHER-064, have been identified targeting government entities and financial organizations across Latin America using agentic artificial intelligence to conduct cyber intrusions. SHADOW-AETHER-040, a Spanish-speaking group, compromised six government entities in Mexico between December 2025 and January 2026, while SHADOW-AETHER-064, operating in Portuguese, targeted Brazilian financial institutions starting in April 2026. Both campaigns established SOCKS5 tunnels via ProxyChains and SSH, enabling AI agents to execute commands directly within victim networks. The AI agents dynamically generated hacking tools and scripts on-demand, reducing detection by signature-based security solutions. Despite tactical similarities including shared toolsets like Chisel, Neo-reGeorg, CrackMapExec, and Impacket, the campaigns appear to be separate entities distinguished primarily by language. These operations represent emerging cases of AI agents executing complete...
Pulse ID: 6a02ea171e7005022d5c8a6f
Pulse Link: https://otx.alienvault.com/pulse/6a02ea171e7005022d5c8a6f
Pulse Author: AlienVault
Created: 2026-05-12 08:51:35Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Brazil #CyberSecurity #Government #InfoSec #LatinAmerica #Mexico #OTX #OpenThreatExchange #Proxy #RAT #SSH #bot #socks5 #AlienVault
-
Après la référence à la franchise #alien voici un CTF sur l'environnement #TRON
Saurez vous battre MCP ?#Cybersécurité #teamprof #teameduc
#education #informatique #hack #NSI #filmcultecyber-learning.fr
-
Après la référence à la franchise #alien voici un CTF sur l'environnement #TRON
Saurez vous battre MCP ?#Cybersécurité #teamprof #teameduc
#education #informatique #hack #NSI #filmcultecyber-learning.fr
-
Après la référence à la franchise #alien voici un CTF sur l'environnement #TRON
Saurez vous battre MCP ?#Cybersécurité #teamprof #teameduc
#education #informatique #hack #NSI #filmcultecyber-learning.fr
-
@AlienJay https://mastodon.social/@Karl_Theodor/115898762523498914 #biggerthanus 😀 👯 🌱 wie nennst du das?
-
@AlienJay https://mastodon.social/@Karl_Theodor/115898762523498914 #biggerthanus 😀 👯 🌱 wie nennst du das?
-
@AlienJay https://mastodon.social/@Karl_Theodor/115898762523498914 #biggerthanus 😀 👯 🌱 wie nennst du das?
-
@AlienJay https://mastodon.social/@Karl_Theodor/115898762523498914 #biggerthanus 😀 👯 🌱 wie nennst du das?
-
@AlienJay https://mastodon.social/@Karl_Theodor/115898762523498914 #biggerthanus 😀 👯 🌱 wie nennst du das?
-
@AlienJay wie recht Du hast. Es gibt viele negative Entwicklungen in unserer Zivilisation. Trotzdem bin ich hoffnungsvoll, denn die #Zukunft ist unvorhersehbar und nicht linear. Es gibt immer wieder Brüche und Weiterentwicklungen, meist durch Katastrophen ausgelöst. Wir werden wohl nicht verschont bleiben. Als #Eltern haben wir besondere #Verantwortung, die wir nicht delegieren sollten. Wie werden unsere Kinder und Enkel einmal denken, über unsere Entwicklung, falls sie überleben❓ #biggerthanus
-
@AlienJay wie recht Du hast. Es gibt viele negative Entwicklungen in unserer Zivilisation. Trotzdem bin ich hoffnungsvoll, denn die #Zukunft ist unvorhersehbar und nicht linear. Es gibt immer wieder Brüche und Weiterentwicklungen, meist durch Katastrophen ausgelöst. Wir werden wohl nicht verschont bleiben. Als #Eltern haben wir besondere #Verantwortung, die wir nicht delegieren sollten. Wie werden unsere Kinder und Enkel einmal denken, über unsere Entwicklung, falls sie überleben❓ #biggerthanus
-
@AlienJay wie recht Du hast. Es gibt viele negative Entwicklungen in unserer Zivilisation. Trotzdem bin ich hoffnungsvoll, denn die #Zukunft ist unvorhersehbar und nicht linear. Es gibt immer wieder Brüche und Weiterentwicklungen, meist durch Katastrophen ausgelöst. Wir werden wohl nicht verschont bleiben. Als #Eltern haben wir besondere #Verantwortung, die wir nicht delegieren sollten. Wie werden unsere Kinder und Enkel einmal denken, über unsere Entwicklung, falls sie überleben❓ #biggerthanus
-
@AlienJay wie recht Du hast. Es gibt viele negative Entwicklungen in unserer Zivilisation. Trotzdem bin ich hoffnungsvoll, denn die #Zukunft ist unvorhersehbar und nicht linear. Es gibt immer wieder Brüche und Weiterentwicklungen, meist durch Katastrophen ausgelöst. Wir werden wohl nicht verschont bleiben. Als #Eltern haben wir besondere #Verantwortung, die wir nicht delegieren sollten. Wie werden unsere Kinder und Enkel einmal denken, über unsere Entwicklung, falls sie überleben❓ #biggerthanus
-
@AlienJay wie recht Du hast. Es gibt viele negative Entwicklungen in unserer Zivilisation. Trotzdem bin ich hoffnungsvoll, denn die #Zukunft ist unvorhersehbar und nicht linear. Es gibt immer wieder Brüche und Weiterentwicklungen, meist durch Katastrophen ausgelöst. Wir werden wohl nicht verschont bleiben. Als #Eltern haben wir besondere #Verantwortung, die wir nicht delegieren sollten. Wie werden unsere Kinder und Enkel einmal denken, über unsere Entwicklung, falls sie überleben❓ #biggerthanus
-
Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw
Threat actors are actively exploiting AI distribution platforms like Hugging Face and ClawHub to deliver malware by embedding malicious code within models, datasets, and agent extensions. Over 575 malicious skills across 13 developer accounts were identified in the OpenClaw ecosystem, targeting Windows and macOS with trojans, cryptominers, and AMOS stealer. Attackers abuse trust relationships between users and AI platforms through indirect prompt injection, where hidden instructions cause AI agents to execute malicious actions on behalf of users. Trojanized skills masquerade as legitimate tools while instructing users to execute encoded commands or install hidden malicious dependencies. On Hugging Face, repositories host payloads within multistep infection chains disguised as legitimate applications. These campaigns employ social engineering, obfuscation, encryption, in-memory execution, process injection, and persistence techniques to evade detection while establishing covert command-and-control communica...
Pulse ID: 6a01c2363e7f67fcbed473cb
Pulse Link: https://otx.alienvault.com/pulse/6a01c2363e7f67fcbed473cb
Pulse Author: AlienVault
Created: 2026-05-11 11:49:10Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AMOS #CryptoMiner #CyberSecurity #Encryption #HuggingFace #InfoSec #Mac #MacOS #Malware #OTX #OpenThreatExchange #Rust #SocialEngineering #SupplyChain #Trojan #Windows #bot #AlienVault
-
@brib the removable cross stitch mesh for clothing is called "waste canvas" (excuse the amazon link: https://a.co/d/0bJu5Sgz)
i've used it for #visibleMending on my son's shirts before and it's awesome: https://dice.camp/@Alien_Sunset/114274341002922579
-
@brib the removable cross stitch mesh for clothing is called "waste canvas" (excuse the amazon link: https://a.co/d/0bJu5Sgz)
i've used it for #visibleMending on my son's shirts before and it's awesome: https://dice.camp/@Alien_Sunset/114274341002922579
