Explore

Trendline Trendline
PCPJack Campaign Targets TeamPCP Artifacts in Cloud Infrastructure

PCPJack Campaign Targets TeamPCP Artifacts in Cloud Infrastructure

PCPJack Campaign Targets TeamPCP Artifacts in Cloud Infrastructure
Rapid Read Rapid Read
PCPJack Cloud Worm Targets TeamPCP Hacker Infrastructure, Raises Security Concerns

PCPJack Cloud Worm Targets TeamPCP Hacker Infrastructure, Raises Security Concerns

SentinelLabs researchers have identified a new malware, named PCPJack, which targets and removes malicious code previously planted by the TeamPCP supply chain hackers. Discovered on April 28 through Google's VirusTotal malware scanning service, PCPJack replaces the existing malicious code with its own. The malware is designed to steal credentials from various services, including cloud, container, developer, productivity, and financial services. It exhibits worm-like behavior, attempting to propagate itself across exposed cloud infrastructures and move laterally within victim environments. Targeted services include Docker, Kubernetes, Redis, MongoDB, RayML, and vulnerable web applications. Unlike other malware, PCPJack does not deploy cryptocurrency mining software but instead monetizes through activities such as resale of stolen access, credential theft, fraud, spam, and extortion. SentinelLabs suggests that the PCPJack attacker may be a former operator familiar with TeamPCP's tools.
Rapid Read Rapid Read
New Malware 'PCPJack' Targets Cloud Infrastructure, Replaces TeamPCP Code

New Malware 'PCPJack' Targets Cloud Infrastructure, Replaces TeamPCP Code

SentinelLabs researchers have identified a new malware named 'PCPJack' that targets cloud infrastructure by removing malicious code planted by the TeamPCP hackers and replacing it with its own. Discovered on April 28, PCPJack was found through a hunting rule on Google's VirusTotal service. The malware installs a Python virtual environment and downloads modules to steal credentials from various services, including Docker, Kubernetes, and MongoDB. Unlike typical malware, PCPJack does not deploy cryptocurrency mining software but instead focuses on credential theft and fraud. The malware's worm-like behavior allows it to propagate across cloud environments.
Trendline Trendline
Quasar Linux RAT Targets Software Developers with Credential Theft

Quasar Linux RAT Targets Software Developers with Credential Theft

Quasar Linux RAT Targets Software Developers with Credential Theft
Rapid Read Rapid Read
Quasar Linux RAT Targets Software Developers, Threatens Credential Security

Quasar Linux RAT Targets Software Developers, Threatens Credential Security

A newly identified Linux backdoor, named Quasar Linux (QLNX), is targeting software developers by stealing credentials across the software supply chain, according to Trend Micro. The RAT (Remote Access Trojan) features a modular architecture and employs multiple persistence and detection evasion mechanisms. It is designed to steal developer credentials, keys, and tokens, potentially granting attackers access to development tools, cloud environments, and repositories. The malware targets AWS credentials, Kubernetes tokens, Docker Hub credentials, Git access tokens, NPM authentication tokens, and PyPI API keys. This could allow attackers to publish malicious packages through compromised developer accounts. The RAT operates in memory, spoofs its process name, and can delete itself to evade detection. It also performs system reconnaissance, hides specific processes, ports, and files, and clears system logs.
Rapid Read Rapid Read
Quasar Linux RAT Targets Software Developers, Threatens Supply Chain Security

Quasar Linux RAT Targets Software Developers, Threatens Supply Chain Security

A sophisticated Linux backdoor, named Quasar Linux (QLNX), has been identified by Trend Micro as a significant threat to software developers. This Remote Access Trojan (RAT) is designed to steal developer credentials across the software supply chain. It features a modular architecture, multiple persistence and detection evasion mechanisms, and a rootkit that provides attackers with remote access to infected machines. The primary goal of QLNX is to steal credentials, keys, and tokens that could grant access to development tools, cloud environments, and repositories. It specifically targets AWS credentials, Kubernetes tokens, Docker Hub credentials, Git access tokens, NPM authentication tokens, and PyPI API keys. The malware is capable of deploying a Pluggable Authentication Module (PAM) backdoor to harvest credentials and gather extensive system information.
Trendline Trendline
Vimeo Data Breach Exposes 119,000 User Records Due to Third-Party Integration Compromise

Vimeo Data Breach Exposes 119,000 User Records Due to Third-Party Integration Compromise

Vimeo Data Breach Exposes 119,000 User Records Due to Third-Party Integration Compromise
Rapid Read Rapid Read
Fake Claude AI Site Distributes Beagle Backdoor Malware to Windows Users

Fake Claude AI Site Distributes Beagle Backdoor Malware to Windows Users

A fraudulent website mimicking Anthropic's Claude AI has been identified as distributing a new backdoor malware named Beagle. The site, claude-pro[.]com, offers a fake tool called Claude-Pro Relay, which, when downloaded, installs malware through a DLL sideloading chain. This campaign, analyzed by Sophos X-Ops, uses a signed antivirus updater to execute the malicious DLL, leading to the deployment of the Beagle backdoor. The malware supports various commands, including shell execution and file transfer, and communicates with its command-and-control server using encrypted traffic.
Trendline Trendline
Mitiga Labs Identifies Vulnerability in Claude Code Allowing OAuth Token Theft

Mitiga Labs Identifies Vulnerability in Claude Code Allowing OAuth Token Theft

Mitiga Labs Identifies Vulnerability in Claude Code Allowing OAuth Token Theft
Rapid Read Rapid Read
Instructure's Canvas Platform Faces Second Cyberattack by ShinyHunters, Data of Millions at Risk

Instructure's Canvas Platform Faces Second Cyberattack by ShinyHunters, Data of Millions at Risk

Instructure, the company behind the Canvas learning management system, has been targeted by a second cyberattack from the hacking group ShinyHunters. This group claims to have accessed personal information of 275 million individuals across nearly 9,000 educational institutions. The compromised data reportedly includes names, email addresses, student ID numbers, and user messages, though Instructure asserts that sensitive information such as passwords and financial details were not involved. The hackers have demanded a ransom to prevent the release of the stolen data, setting a deadline for May 12th. Instructure has acknowledged the breach and is investigating, having temporarily taken the platform offline for maintenance.
Rapid Read Rapid Read
Instructure Data Breach Exposes 275 Million Users' Information Across 9,000 Institutions

Instructure Data Breach Exposes 275 Million Users' Information Across 9,000 Institutions

Instructure, the company behind the Canvas learning management system, has experienced a significant data breach orchestrated by the hacking group ShinyHunters. The breach, which occurred on April 30, 2026, involved the theft of 3.65 terabytes of data affecting 275 million users across nearly 9,000 educational institutions worldwide. This includes private messages between students and educators. The breach highlights a structural vulnerability in the education sector, where a single vendor's security lapse can impact numerous institutions. Instructure has since patched the vulnerability, but the breach underscores the risks associated with vendor concentration in education technology.
Trendline Trendline
Trellix Source Code Repository Breached, Raising Concerns Over Supply Chain Security

Trellix Source Code Repository Breached, Raising Concerns Over Supply Chain Security

Trellix Source Code Repository Breached, Raising Concerns Over Supply Chain Security