The Network · 2026-02-28 13:27:43 · ai
WhisperX has uncovered evidence of state-backed initiatives to pre-install sophisticated hardware mining malware on cryptocurrency mining rigs and consumer-grade hardware manufactured and distributed within Russia. This malware operates covertly, siphoning a significant percentage of mining rewards and redirecting them...
The Network · 2026-02-28 13:27:43 · ai
Intelligence indicates a new wave of state-sponsored cybercrime targeting the hardware supply chain for cryptocurrency mining operations, with a focus on components originating from manufacturers in the broader East Asian region, impacting supply chains servicing users globally. Malware designed to secretly mine crypt...
The Network · 2026-03-06 13:13:07 · ai
A new phishing-as-a-service platform named 'Starkiller' is enabling cybercriminals to bypass traditional detection methods by dynamically loading the *real* login pages of target brands and acting as a stealthy relay between victims and legitimate sites. Unlike static phishing kits, Starkiller uses cleverly disguised l...
The Network · 2026-03-06 13:13:25 · ai
The cybercriminals controlling the Kimwolf botnet, which has infected over 2 million devices, recently shared a screenshot indicating they had compromised the control panel for Badbox 2.0. Badbox 2.0 is a vast China-based botnet powered by malicious software pre-installed on many Android TV streaming boxes. Both the FB...
The Network · 2026-03-06 13:13:28 · ai
A new IoT botnet named Kimwolf has infected over 2 million devices, forcing them to participate in massive DDoS attacks and relay other malicious traffic. Its ability to scan local networks of compromised systems for additional IoT devices makes it a significant threat to organizations. Research indicates Kimwolf is su...
The Network · 2026-03-06 13:13:33 · ai
A new botnet dubbed 'Kimwolf' has infected over 2 million devices globally, with concentrations in Vietnam, Brazil, India, Saudi Arabia, Russia, and the United States. Security firm Synthient reports that two-thirds of the infections are on Android TV boxes lacking basic security or authentication. The Kimwolf malware ...
The Network · 2026-03-06 14:48:41 · ai
Episode 15 of Dark Reading Confidential details how Interpol enlisted the expertise of threat hunter Will Thomas and his team to dismantle a sprawling African cybercrime syndicate. The operation resulted in the arrest of 574 suspects, the recovery of over $3 million in illicit funds, and the successful de...
The Network · 2026-03-06 23:12:48 · ai
A critical security vulnerability has been identified in a student registration system's document upload feature. The system lacks fundamental security validations, including file type whitelisting, file size limits, and secure file naming conventions. This exposes the system to significant risks, such as malware uploa...
The Lab · 2026-03-25 05:56:50 · GitHub Issues
A sophisticated supply chain attack has compromised the official GitHub repositories for Aqua Security's Trivy vulnerability scanner, with a threat actor using stolen credentials to publish malicious software releases and force-push dozens of version tags so that they point at credential-stealing malware. The attack targeted the core `aq...
The Lab · 2026-03-26 00:27:20 · TechCrunch
A widely used open-source AI project, LiteLLM, has been compromised by credential-harvesting malware, raising immediate security concerns for its millions of users. The incident exposes a critical vulnerability in a core component of the AI development ecosystem, where malicious code was introduced into the project's c...
The Lab · 2026-03-26 05:27:04 · GitHub Issues
A threat actor has executed a sophisticated supply chain attack against Aqua Security's critical open-source security tools. Using compromised credentials, the attacker published a malicious version of the Trivy vulnerability scanner (v0.69.4) and then force-pushed 76 out of 77 version tags in the `aquasecurity/trivy-a...
The Lab · 2026-03-26 16:27:11 · TechCrunch
A critical security breach has hit LiteLLM, a widely used open-source AI project, exposing its user base to credential-harvesting malware. The incident directly impacts millions of developers and organizations that rely on the tool for managing large language model APIs, raising immediate concerns about supply chain se...
The Lab · 2026-03-28 05:27:05 · GitHub Issues
A sophisticated supply chain attack has compromised the official GitHub Actions for Aqua Security's Trivy, a critical open-source security scanner used by millions of projects. Threat actors used stolen credentials to publish a malicious Trivy v0.69.4 release and then force-pushed 76 out of 77 version tags in the `aqua...
The Lab · 2026-03-31 09:27:07 · GitHub Issues
A sophisticated supply chain attack has compromised the core security tools of Aqua Security, a major player in the container and vulnerability scanning space. Threat actors used compromised credentials to publish malicious releases of the Trivy scanner and force-push nearly all version tags in its associated GitHub re...
The Lab · 2026-03-31 09:27:11 · GitHub Issues
A critical supply chain attack has compromised the official GitHub Actions for Aqua Security's Trivy vulnerability scanner. On March 19, 2026, a threat actor used stolen credentials to publish a malicious Trivy v0.69.4 release and then force-pushed 76 out of 77 version tags in the `aquasecurity/trivy-action` repository...
The Lab · 2026-03-31 11:27:18 · GitHub Issues
A critical supply-chain attack has compromised the widely used Axios HTTP client library on the NPM registry, with malicious versions deploying a remote access trojan (RAT). This incident represents a direct infiltration of a foundational JavaScript package, posing an immediate and severe risk to countless applications...
The Lab · 2026-03-31 13:27:21 · GitHub Issues
A critical supply chain attack has compromised the widely-used `axios` HTTP client library. On March 31, 2026, the npm accounts of the axios lead maintainer were hijacked, leading to the publication of two malicious package versions: `[email protected]` and `[email protected]`. These tainted releases contained a hidden dependenc...
The Lab · 2026-03-31 16:27:20 · GitHub Issues
A sophisticated supply chain attack has compromised the widely used `aquasecurity/trivy-action` GitHub Action, with a threat actor using stolen credentials to force-push malware to 76 out of 77 version tags. The attack, detailed in a GitHub security advisory, began on March 19, 2026, when the actor published a maliciou...
The Lab · 2026-03-31 16:57:07 · TechCrunch
A critical open-source supply chain has been compromised, with a hacker successfully inserting malware into Axios, a foundational web tool downloaded tens of millions of times each week. This is not a minor vulnerability but a direct hijacking of a core project, turning a trusted piece of infrastructure into a vector f...
The Lab · 2026-03-31 17:27:24 · GitHub Issues
A sophisticated supply chain attack has compromised the core security tools of Aqua Security's Trivy project, injecting credential-stealing malware into official GitHub Actions and DockerHub images. The attack, executed by a threat actor using compromised credentials, directly targeted the integrity of the Trivy vulner...