Hackers aren’t kicking down the door anymore. They just use the same tools we use every day — code packages, cloud accounts, email, chat, phones, and “trusted” partners — and turn them against us.
One bad download can leak your keys. One weak vendor can expose many customers at once. One guest invite, one link on a phone, one bug in a common tool, and suddenly your mail, chats, repos, and servers are in play.
Every story below is a reminder that your “safe” tools might be the real weak spot.
âš¡ Threat of the Week
Shai-Hulud Returns with More Aggression — The npm registry was targeted a second time by a self-replicating worm that went by the moniker “Sha1-Hulud: The Second Coming,” affecting over 800 packages and 27,000 GitHub repositories. Like in the previous iteration, the main objective was to steal sensitive data like API keys, cloud credentials, and npm and GitHub authentication information, and facilitate deeper supply chain compromise in a worm-like fashion. The malware also created GitHub Actions workflows that allow for command-and-control (C2) and injected GitHub Actions workflow mechanisms to steal repository secrets. Additionally, the malware backdoored every npm package maintained by the victim, republishing them with malicious payloads that run during package installation. “Rather than relying solely on Node.js, which is more heavily monitored, the malware dynamically installs Bun during package installation, benefiting from its high performance and self-contained architecture to execute large payloads with improved stealth,” Endor Labs said. “This shift likely helps the malware evade traditional defenses tuned specifically to observe Node.js behavior.” GitGuardian’s analysis revealed a total of 294,842 secret occurrences, which correspond to 33,185 unique secrets. Of these, 3,760 were valid as of November 27, 2025. These included GitHub access tokens, Slack webhook URLs, GitHub OAuth tokens, AWS IAM keys, OpenAI Project API keys, Slack bot tokens, Claude API keys, Google API Keys, and GitLab tokens. Trigger.dev, which had one of its engineers installing a compromised package on their development machine, said the incident led to credential theft and unauthorized access to its GitHub organization. The Python Package Index (PyPI) repository said it was not impacted by the supply chain incident.
🔔 Top News
- ToddyCat Steals Outlook Emails and Microsoft 365 Access Tokens — Attackers behind the ToddyCat advanced persistent threat (APT) toolkit have evolved to stealing Outlook mail data and Microsoft 365 Access tokens. The APT group has refined its toolkit in late 2024 and early 2025 to capture not only browser credentials, as previously seen, but also victims’ actual email archives and access tokens. The activity marks the second major shift in ToddyCat’s tooling this year, following an April 2025 campaign where the group abused a vulnerability in…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
