Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials Microsoft disclosed a credential theft campaign that uses SEO poisoning to trick users into downloading fake VPN clients that harvest VPN credentials. The activity, attributed to Storm-2561, delivers digitally signed trojans via attacker-controlled sites and abused GitHub repositories to sideload malicious DLLs and deploy information stealers. #Storm-2561 #Hyrax #Bumblebee #Ivanti #SonicWall...

Storm-2561 uses SEO poisoning to trick users into downloading trojanized VPN clients from attacker sites and GitHub. Digitally signed installers sideload malicious DLLs to steal VPN credentials via Bumblebee loaders. #Storm2561 #GitHubAbuse

Fake Next.js Job Repos Spread Malware AI
Read More: buff.ly/tGWKeKt

#NextJS #MaliciousRepo #DeveloperSecurity #SupplyChainAttack #GitHubAbuse #AIenabledThreats #Infostealer #ThreatIntel

Malicious Npm Packages Steal Secrets
Read More: buff.ly/ZvuFHlP

#SANDWORMMODE #npmSecurity #SupplyChainAttack #PromptInjection #GitHubAbuse #CredentialTheft #AIcodingRisk #ThreatIntel

Malware-as-a-Service Operation Leverages Public GitHub Repos to Host Emmenhtal Loader and Amadey

GitHub is the new attack vector.

A MaaS group used public repos to push Emmenhtal, Amadey & AsyncRAT malware—mirroring Ukraine SmokeLoader ops.

Fake dev accounts + legit tools like PuTTY = stealthy payloads.
📌 Full story via TechNadu:
www.technadu.com/malware-as-a...

#CyberThreat #GitHubAbuse