Github - Cybersec Sentinel

Github

A collection of 3 posts

TeamPCP Injects Credential Stealer Into Trivy Releases and Spreads to npm via CanisterWorm

TeamPCP Injects Credential Stealer Into Trivy Releases and Spreads to npm via CanisterWorm

GroupTeamPCP (financially motivated threat actor, reportedly collaborating with LAPSUS$ for extortion; nationality unconfirmed)TypeMulti-Ecosystem Supply Chain Attack, Infostealer, Self-Propagating Worm, Kubernetes WiperDeliveryCompromised GitHub Actions (trivy-action, setup-trivy, kics-github-action, ast-github-action) plus poisoned PyPI packages (litellm) and self-propagating npm infection via CanisterWormMalwareTeamPCP Cloud Stealer — three-stage CI/CD credential harvester; CanisterWorm —

GlassWorm Exploits Trust in Open Source Ecosystems

GlassWorm Exploits Trust in Open Source Ecosystems

Threat Group – Unattributed Threat Type – Supply chain malware, infostealer, credential theft Exploited Vulnerabilities – No CVE assigned. Abuse of trusted package registries, compromised publisher access, stolen developer credentials, invisible Unicode obfuscation, and extension dependency abuse Malware Used – GlassWorm loader and follow on JavaScript based payloads Threat Score – 8.7 🔥 Critical Last

Iranian Hackers Use GitHub and Phishing to Evade Detection in SnailResin Attack

Iranian Hackers Use GitHub and Phishing to Evade Detection in SnailResin Attack

Threat Group: Smoke Sandstorm (also tracked as TA455) Threat Type: Trojan Loader Exploited Vulnerabilities: Phishing and social engineering tactics Malware Used: SnailResin (loader), SlugResin (backdoor) Threat Score: High (8.5/10) — Due to advanced delivery techniques, cross-industry targeting, and evasive C2 methods Last Threat Observation: November 14, 2024. Overview The