Posts

Megalodon Malware Compromises Thousands of GitHub Repositories Through CI/CD Backdoors

One of the Largest GitHub Supply Chain Attacks Ever Recorded Is Underway

Speaking as an independent cybersecurity blogger and part time penetration tester: software supply chain attacks are rapidly evolving beyond poisoned packages into direct attacks against the CI/CD infrastructure that powers modern development itself.

Researchers are now tracking a massive automated campaign dubbed Megalodon, which compromised:
- more than 5,500 GitHub repositories
- thousands of GitHub Actions workflows
- CI/CD runners
- cloud deployment environments
- developer ecosystems

According to SafeDep researchers, the attackers pushed 5,718 malicious commits across 5,561 repositories within approximately six hours.

The campaign injected malicious GitHub Actions workflows designed to:
- steal cloud credentials
- exfiltrate GitHub tokens
- harvest SSH keys
- extract CI/CD secrets
- abuse OIDC authentication workflows

Researchers warn this campaign represents a major escalation in software suppl...

Dark Web Brokers Repackage Old Breaches as New Leaks to Scam Buyers and Fuel Attacks

Cybercriminals Are Rebranding Old Data Breaches as “New” Leaks

Speaking as an independent cybersecurity blogger and part time penetration tester: one of the most overlooked trends in cybercrime today is not necessarily the theft of new data. It is the industrial-scale recycling of old stolen data.

Researchers are warning that dark web brokers are increasingly:
- repackaging historic breach data
- relabeling outdated leaks as fresh compromises
- selling recycled credential databases
- inflating breach claims for profit and extortion

Threat actors operating across Telegram channels, dark web forums, breach marketplaces and underground broker ecosystems are allegedly taking previously leaked credentials, old corporate databases, historic customer records and legacy credential dumps and marketing them as newly compromised enterprise data.

Researchers warn this trend is fueling:
- credential stuffing attacks
- extortion campaigns
- phishing operations
- fake breach claims
- Su...

macOS Malware Installs Fake Google Software to Steal Credentials and Crypto Wallets

A New macOS Malware Campaign Is Pretending To Be Google Software Updates

Speaking as an independent cybersecurity blogger and part time penetration tester: modern macOS malware campaigns are increasingly abandoning obvious malicious behavior in favor of stealth, branding abuse, and trusted software impersonation.

Researchers have now uncovered a sophisticated macOS infostealer campaign that installs fake Google software update components, malicious LaunchAgents, persistence backdoors and credential stealers while disguising itself as legitimate macOS security activity.

The malware, identified as a new variant of SHub Stealer (also referred to as “Reaper” in some research), targets users attempting to download popular productivity software, AI tools, collaboration applications and macOS utilities.

Researchers warn the campaign is especially dangerous because the malware continuously changes its appearance to look legitimate at every stage of the infection chain.

What Happ...

Hackers Exploiting Critical NGINX RCE Vulnerability to Crash Servers and Gain Access

An 18 Year Old NGINX Vulnerability Is Now Being Exploited in the Wild

Speaking as an independent cybersecurity blogger and part time penetration tester: vulnerabilities affecting internet infrastructure software are among the most dangerous security events organizations can face.

The latest example involves a newly exploited flaw in NGINX Open Source, NGINX Plus and F5 NGINX products, tracked as CVE-2026-42945 and also known as NGINX Rift.

Researchers confirmed attackers are already exploiting the vulnerability in the wild only days after public disclosure. The flaw carries a CVSS score of 9.2 (Critical), with potential for unauthenticated remote code execution and the ability to crash NGINX worker processes remotely.

What makes this especially alarming is that the vulnerability reportedly existed undetected since 2008, across nearly two decades of NGINX deployments worldwide.

What Happened: Attackers Began Exploiting CVE-2026-42945

Researchers from depthfirst and F5 discl...