Crypto M - Crypto News
Your #1 destination for the latest and most unbiased market news on Bitcoin, Ethereum, NFT, Fintech, Web3, DeFi, and Blockchain.
🚀 DeadLock Ransomware Utilizes Polygon Smart Contracts for Evasion

According to ChainCatcher, the ransomware family DeadLock is employing Polygon smart contracts to distribute and rotate proxy server addresses, aiming to evade security detection. Initially discovered in July 2025, this malware embeds JavaScript code within HTML files to interact with the Polygon network, using RPC lists as gateways to obtain server addresses controlled by attackers. This technique resembles the previously identified EtherHiding method, which leverages decentralized ledgers to create hard-to-block covert communication channels. DeadLock has released at least three variants, with the latest version incorporating the encrypted communication application Session to directly communicate with victims.

#DeadLock #Ransomware #Polygon #SmartContracts #Evasion #ChainCatcher #JavaScript #HTML #RPC #ProxyServers #EtherHiding #DecentralizedLedgers #EncryptedCommunication #Session #Malware

🚀 Apifox Desktop Client Faces Supply Chain Attack with Malicious Code Injection

Apifox's desktop client has been targeted in a supply chain attack, according to PANews. The official CDN-hosted front-end script files were injected with highly obfuscated malicious JavaScript code. Users affected by this breach may face risks such as credential theft, sensitive data exposure, and remote command execution, with the malicious code executing automatically and remaining highly concealed.

Security firm SlowMist advises users to immediately revoke all tokens, reset passwords, log out and log back in to invalidate sessions, block the domain *.apifox.it.com, clear local storage, and review API logs and any abnormal activities.


#Apifox #DesktopClient #SupplyChainAttack #MaliciousCode #JavaScript #CredentialTheft #SensitiveDataExposure #RemoteCommandExecution #SecurityBreach #SlowMist #CyberSecurity #APILogs #TokenRevoke #PasswordReset #APIReview

🚀 Axios Library Compromised by Malicious Attack

An attacker has compromised the npm access token of the lead maintainer of Axios, a popular JavaScript HTTP client library, and used it to release two malicious versions containing cross-platform remote access trojans (RATs). According to ChainCatcher, these versions, axios@1.14.1 and axios@0.3.4, targeted macOS, Windows, and Linux systems. The malicious packages were removed from the npm registry approximately three hours after their release.

Data from security company Wiz indicates that Axios is downloaded over 100 million times weekly and is present in about 80% of cloud and code environments. Security firm Huntress detected the first infections just 89 seconds after the malicious packages went live and confirmed that at least 135 systems were compromised during the exposure period. Notably, the Axios project had implemented modern security measures such as the OIDC trusted publishing mechanism and SLSA provenance proofs. However, the attacker bypassed these defenses entirely.

The investigation revealed that while configuring OIDC, the project retained the traditional long-lived NPM_TOKEN. When both tokens coexist, npm defaults to using the traditional token, allowing the attacker to publish without breaching OIDC.


#Axios #JavaScript #npm #CyberSecurity #Malware #RAT #SupplyChainAttack #macOS #Windows #Linux #SoftwareSecurity #OIDC #SLSA #Huntress #ChainCatcher #npmToken

🚀 AI TRENDS | Anthropic Limits Claude Mythos Access Following Security Concerns

Anthropic has decided to restrict access to its Claude Mythos AI system to vetted cybersecurity groups. According to NS3.AI, this decision follows pre-release tests that revealed thousands of zero-day vulnerabilities and an 84% exploit success rate on Firefox 147's JavaScript engine. Anthropic's comprehensive 244-page system card highlighted that many existing cyber benchmarks were no longer adequately informative and disclosed significant evaluation oversights discovered late in the testing process.

#AI #Anthropic #ClaudeMythos #Cybersecurity #Vulnerabilities #ZeroDay #Firefox #JavaScript #Exploit #SystemCard #CyberBenchmarks #SecurityConcerns