pip0

@pipzero.bsky.social

Information security practitioner. All things cti collection.

217 Followers  |  231 Following  |  7 Posts  |  Joined: 18.11.2024  |  2.139

Latest posts by pipzero.bsky.social on Bluesky

The obfuscation game: MUT-9332 targets Solidity developers via malicious VS Code extensions | Datadog Security Labs Analysis of a threat actor campaign targeting Solidity developers via three malicious VS Code extensions

🚨 The obfuscation game: MUT-9332 targets Solidity developers via malicious VS Code extensions!

Deep-dive analysis of this obfuscated campaign, including PowerShell & VBS scripts, PE malware, malicious browser extensions and even stegomalware.

Enjoy reading securitylabs.datadoghq.com/articles/mut...

21.05.2025 12:10 | 👍 3  🔁 2  💬 0  📌 0

Leaving SF right in time before all the AI diarrhea. Thank you Hack The Bay and Pacific Hackers for having me, I’ll be back next year.

29.04.2025 03:19 | 👍 0  🔁 0  💬 0  📌 0

Catch me speaking on intelligence collection at scale today at HackTheBay #PHACK

28.04.2025 20:07 | 👍 0  🔁 0  💬 0  📌 0
Diagram showing an overview of the OUTLAW infection chain.

Elastic Security Labs researchers report on Outlaw, a persistent yet unsophisticated auto-propagating Linux coinminer. Despite lacking stealth and advanced evasion techniques, it remains active and effective by leveraging simple but impactful tactics. www.elastic.co/security-lab...

02.04.2025 12:18 | 👍 2  🔁 1  💬 0  📌 0
How to Enter the US With Your Digital Privacy Intact Crossing into the United States has become increasingly dangerous for digital privacy. Here are a few steps you can take to minimize the risk of Customs and Border Patrol accessing your data.

Green card holders detained. A French researcher denied entry for anti-Trump messages. A new travel ban on 40+ countries coming.

Given all these encroachments on travelers' civil liberties, we've updated our guide to digital privacy while crossing US borders. www.wired.com/2017/02/guid...

24.03.2025 18:29 | 👍 994  🔁 508  💬 27  📌 43
Graphic showing relations between Moonstone Sleet and other subgroups

JPCERT/CC's 佐々木 勇人 (Hayato Sasaki) looks into the practical challenges of attribution in the case of Lazarus's subgroup. blogs.jpcert.or.jp/en/2025/03/c...

25.03.2025 13:58 | 👍 2  🔁 1  💬 0  📌 0

Both Wiz and Palo Alto Networks have found evidence that the compromise of the Changed-Files GitHub Action might have been a complex multi-tier supply chain attack targeting tools used by Coinbase developers

www.wiz.io/blog/new-git...

unit42.paloaltonetworks.com/github-actio...

23.03.2025 12:27 | 👍 23  🔁 5  💬 0  📌 1
GitHub - Zouuup/landrun: Run any Linux process in a secure, unprivileged sandbox using Landlock LSM. Think firejail, but lightweight, user-friendly, and baked into the kernel. Run any Linux process in a secure, unprivileged sandbox using Landlock LSM. Think firejail, but lightweight, user-friendly, and baked into the kernel. - Zouuup/landrun

AI and blockchain software expert Armin Ranjbar released Landrun, a lightweight, secure sandbox for running Linux processes

github.com/Zouuup/landrun

23.03.2025 14:00 | 👍 13  🔁 5  💬 1  📌 0
GitHub - Cryakl/Ultimate-RAT-Collection: For educational purposes only, exhaustive samples of 450+ classic/modern trojan builders including screenshots. For educational purposes only, exhaustive samples of 450+ classic/modern trojan builders including screenshots. - Cryakl/Ultimate-RAT-Collection

Someone has done an excellent job collecting RATs and documenting them by version. They also included images.

A+ work. This is amazing (we're going to ingest this eventually)

github.com/Cryakl/Ultim...

22.03.2025 17:25 | 👍 47  🔁 18  💬 0  📌 1

⚠️🧵 RL researchers have found 2 malicious #VSCode extensions, "ahban.shiba" & "ahban.cychelloworld," that deliver #ransomware in development to its users. #Dev #SoftwareSupplyChainSecurity

19.03.2025 13:46 | 👍 8  🔁 9  💬 1  📌 0

Just over 600 GitHub repos were impacted by Changed-Files supply chain attack

www.endorlabs.com/learn/blast-...

20.03.2025 00:04 | 👍 7  🔁 3  💬 0  📌 1

Podcast: risky.biz/RBNEWS400/ (400, woohoo! 🎉)
Newsletter: risky.biz/risky-bullet...

-China says Taiwan's military is behind PoisonIvy APT
-Google buys Wiz for $32 billion
-11 APTs abuse a Windows zero-day
-Judge tells CISA to reinstate fired workers
-Supply-chain attack hits car dealership sites

19.03.2025 09:23 | 👍 21  🔁 9  💬 3  📌 0
EFF Border Search Pocket Guide border-pocket-guide-2.pdf

If you're critical of the US government and you are planning to cross the US border any time soon, today is a good day to review EFF's border search pocket guide: www.eff.org/document/eff...

19.03.2025 19:46 | 👍 2384  🔁 1466  💬 68  📌 74

-43% of WP vulns last year didn't require authentication to exploit
-96% of WP vulns impacted plugins
-22 new WP vulns published daily
-over 500k WP websites hacked last year

patchstack.com/whitepaper/s...

17.03.2025 23:43 | 👍 12  🔁 10  💬 3  📌 1
MalChela – A YARA and Malware Analysis Toolkit written in Rust. Saturday was for Python. Sunday was for Rust. After my success with the Python + YARA + Hashing, I decided to take things to the next level. Over the past few years I've created a number of Python and PowerShell scripts related to YARA and Malware Analysis. What if I combined them into a single utility? While we're at it, let's rewrite them all from scratch in Rust.

Introducing MalChela. A YARA and Malware Analysis utility written in Rust. #DFIR #MalwareAnalysis #YARA #Hashing

03.03.2025 20:10 | 👍 7  🔁 3  💬 0  📌 0
An inside look at NSA (Equation Group) TTPs from China's lens

Xintra founder Lina Lau has published a report that untangles and puts more clarity on how Chinese authorities claim the Equation Group (US NSA) hacked the Xi'an Northwestern Polytechnical University

www.inversecos.com/2025/02/an-i...

19.02.2025 21:25 | 👍 12  🔁 8  💬 0  📌 1
Sun Security Con SunSecCon

Agenda for SunSecCon is up www.sunseccon.org

05.02.2025 22:39 | 👍 0  🔁 0  💬 0  📌 0
Datadog threat roundup: top insights for Q4 2024 | Datadog Security Labs Threat insights from Datadog Security Labs for Q4 2024.

Threat insights from Datadog Security Labs for Q4 2024

securitylabs.datadoghq.com/articles/202...

28.01.2025 15:14 | 👍 5  🔁 5  💬 0  📌 0

Elastic Security Labs' Remco Sprooten & Ruben Groenewoud analyse PUMAKIT, a loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain communication with command-and-control servers. www.elastic.co/security-lab...

20.01.2025 10:31 | 👍 0  🔁 1  💬 0  📌 0

Link? If you can.

08.01.2025 02:10 | 👍 0  🔁 0  💬 1  📌 0
Overview of the attack flow

Overview of how a large number of credentials were leaked

Clusters of fake GitHub profiles

Phishing e-mail

New research: We've been monitoring a threat actor publishing dozens of trojanized GitHub repositories targeting threat actors, leaking hundreds of thousands of credentials along the way

securitylabs.datadoghq.com/articles/mut...

16.12.2024 13:08 | 👍 22  🔁 13  💬 0  📌 0
Introducing Supply-Chain Firewall: Protecting Developers from Malicious Open Source Packages | Datadog Security Labs Release of Supply-Chain Firewall, an open source tool for preventing the installation of malicious PyPI and npm packages

We are happy to introduce our latest tool "Supply Chain Firewall" 🎉 by @ikretz.bsky.social
The tool detects & prevents installation of malicious packages in local development environment.

Read more
securitylabs.datadoghq.com/articles/int...

And give it a try github.com/DataDog/supp...

06.12.2024 12:19 | 👍 11  🔁 7  💬 0  📌 0

Mistakes happen to everyone!

❤️ @binaryninja.bsky.social

06.12.2024 03:57 | 👍 0  🔁 0  💬 0  📌 0

Exclusive: The backdoor inserted in v1.95.7 adds an "addToQueue" function which exfiltrates the private key through seemingly-legitimate CloudFlare headers.

Calls to this function are then inserted in various places that (legitimately) access the private key.

03.12.2024 23:47 | 👍 50  🔁 32  💬 3  📌 2
Supply Chain Attack Detected in @solana/web3.js Library - So... A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.

🚨 A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular #Solana web3.js library. The injected code captures private keys and transmits them to a hardcoded address. This is a developing story. socket.dev/blog/supply-... #crypto #cybersecurity

03.12.2024 22:10 | 👍 14  🔁 8  💬 1  📌 3
Sun Security Con SunSecCon

PHACK, some friends and I are creating a Security track in the famous SCALE in LA (Pasadena). CFP is open and early birds tickets are for sale!

If you're in LA come check us out! www.sunseccon.org www.phack.org www.socallinuxexpo.org/scale/22x

@socallinuxexpo.bsky.social #infosec

02.12.2024 17:53 | 👍 1  🔁 0  💬 0  📌 0

Sites that don’t let you copy/paste in the password field.

Let me try to type this 24 char (because the site doesn’t allow longer) randomly generated string.

Fail.

Reset password.

Let's try again…

27.11.2024 22:01 | 👍 1  🔁 0  💬 0  📌 0
MUT-8694: An NPM and PyPI Malicious Campaign Targeting Windows Users | Datadog Security Labs This post includes an analysis of an infostealer supply chain attack targeting Windows users

Great analysis by my colleagues on a Windows stealer that's being distributed through a large number of malicious npm and PyPI packages: securitylabs.datadoghq.com/articles/mut...

Ends up dropping an infostealer (Blank Grabber/Skuld Stealer) which exfiltrates browser cookies (amongst others)

22.11.2024 23:03 | 👍 10  🔁 2  💬 0  📌 1

Want to keep up to date with Datadog’s Cloud Security Research? We’ve got a starter pack for that. All of our researchers in one feed.
go.bsky.app/8XpcFm5

18.11.2024 13:21 | 👍 38  🔁 15  💬 0  📌 3