31 Red Hat npm packages backdoored in 72 seconds
RL has discovered a new supply chain attack affecting 9.8M total downloads across Red Hat's Hybrid Cloud Console JavaScript ecosystem.
Threat Research
31 Red Hat npm packages backdoored in 72 seconds
Researcher's Notebook: Hunting Megalodon Fossils
Analyzing C2 responses from compromised GitHub Actions linked a current threat to an earlier one, showing the value of retrohunting.
Hackers Abuse Parental Controls to Hijack Google Accounts
Learn how attackers are re-casting adults as minors to bypass recovery and lock users out.
How Dirty Frag rose from the Copy Fail exploit
RL documented 163 samples of the Linux exploit's new variants, active malware — and developed YARA rules.
Copy Fail Flaw: 5 YARA Rules for Detection
Here’s what you need to know about the Linux kernel privilege escalation — and how to use YARA rules to get on top of it.
Claude adds malware to crypto agent
PromptMink has evolved into a malicious dependency in a package that allows access to crypto wallets and funds.
Graphalgo fake recruiter campaign returns
An attack targeting crypto developers has been respawned — with an LLC and new techniques.
The TeamPCP supply chain attack evolves
The malicious campaign started with Trivy and Checkmarx and has shifted to LiteLLM — and now telnix. Here's how.
Fake install logs in npm packages load RAT
The final-stage malware in the Ghost campaign is a RAT designed to steal crypto wallets and sensitive data.
Inside the NuGet hackers' toolset
RL discovered two packages containing scripts that complete a typosquatting toolchain. Here's how it worked.
Malicious NuGet package targets Stripe
Threat actors targeted developers with a bogus package — a shift away from the recent crypto development hack focus.
Inside the fake crypto developer recruitment hack
Here’s a more-in-depth technical analysis of the packages involved in the "graphalgo" campaign.
Fake recruiter campaign targets crypto devs
A new branch of a fake job recruitment campaign, dubbed "graphalgo," is targeting developers with a RAT.
Inside the EmEditor supply chain compromise
By combining early infrastructure detection with supply chain security controls you can give your defenders a leg up.
Unpacking the packer ‘pkr_mtsi’
This RL Researcher’s Notebook highlights the packer’s evolution — and offers a YARA rule to detect all versions.