Tag
#infostealer
19 stories taggedinfostealer · page 2 of 2.

Threat Intelligence
npm Hit by Dual Supply-Chain Campaigns: Rust Stealer With eBPF Rootkit, Self-Spreading Worm
Researchers flagged two parallel intrusions into the npm registry. One delivers a kernel-level credential scraper. The other propagates through more than 50 poisoned packages.
3 min

Vulnerabilities
Patched FortiClient EMS Flaw Still a Live Attack Vector for Credential Theft
Attackers are piggybacking on Fortinet's endpoint management tooling to push infostealers disguised as legitimate agent updates.
2 min

Threat Intelligence
TrapDoor Campaign Plants Credential Stealers Across npm, PyPI, and Crates.io
A coordinated operation seeded 34+ malicious packages across three registries since May 2026. If you ship code, this one is sitting in your dependency tree right now.
3 min

Threat Intelligence
Laravel Lang Composer packages backdoored via GitHub tag rewrite, dropping infostealer on developer machines
Attackers reused legitimate version tags on the laravel-lang GitHub repository to push malicious Composer payloads to downstream installs, harvesting credentials from build environments.
2 min