-
How modern ICT infrastructure supports a global working world
Tags: infrastructure
Ten years ago, remote work still felt like a stopgap in many industries. Employees occasionally logged in to company systems from home, mostly during business trips or under special circumstances, while the actual center of everyday work remained tied to office buildings and fixed regional teams. The infrastructure reflected this thinking as well. Networks […] First…
-
Security by Design: Five Common Myths Fact-Checked
With the EU's Cyber Resilience Act (CRA), security by design becomes mandatory from 2027 for products with digital elements. To mark the occasion, Open Systems, a leading provider of co-managed SASE solutions, has fact-checked the most common myths surrounding the concept and shows why they can increasingly become a risk. The security-by-design approach will, with the entry into force…
-
Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign
A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ghost-cms-sql-injection-flaw-exploited-in-large-scale-clickfix-campaign/ also interesting: Top 7 zero-day exploitation trends of 2024 January 2026 Microsoft Patch Tuesday: Actively exploited zero day needs attention LeakyLooker: Hacking Google…
-
Top 10 Best Static Application Security Testing (SAST) Tools for Security Teams in 2026
The complexity of modern software development requires security to be deeply embedded within the engineering pipeline rather than treated as an afterthought. Whether you are managing extensive front-end codebases or back-end API integrations, catching flaws before code is compiled is crucial. This proactive approach is the essence of Static Application Security Testing (SAST). By identifying…
-
Security Affairs newsletter Round 578 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack Why pure extortion is…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 98
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Popular node-ipc npm Package Infected with Credential Stealer New Actors Deploy Shai-Hulud Clones: TeamPCP Copycats Are Here Active Supply Chain Attack Compromises @antv Packages on npm actions-cool/issues-helper GitHub Action Compromised: All Tags Point to…
-
Anthropic’s Project Glasswing: 10,000+ Vulnerabilities Found in One Month, and the Patching Problem Has Never Been More Obvious
Anthropic said its AI Project Glasswing found over 10,000 serious vulnerabilities in one month, exposing a growing patching gap. Anthropic announced on Friday that Project Glasswing, its defensive cybersecurity initiative built around Claude Mythos Preview, has uncovered more than 10,000 high- or critical-severity vulnerabilities in the month since the program went live. The number is…
-
Week in review: GitHub breached via poisoned VS Code extension, critical NGINX flaw exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/24/week-in-review-github-breached-via-poisoned-vs-code-extension-critical-nginx-flaw-exploited/ also interesting: Malicious packages in npm evade dependency detection through invisible URL links: Report Hackerbot-Claw Bot Exploits GitHub Actions CI/CD Flaw…
-
U.S. CISA adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, update, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-2026-9082 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. Drupal issued a highly critical security patch on May…
-
Veeam presents Intelligent ResOps for context-aware data recovery in AI environments
With Intelligent ResOps, Veeam is clearly positioning itself in the future market for AI-supported cyber resilience and data-driven recovery processes. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/veeam-praesentiert-intelligent-resops-fuer-kontextsensitive-datenwiederherstellung-in-ki-umgebungen/a45284/ also interesting: Veeam expands its cyber protection capabilities and integrates AI support Veeam introduces new enterprise functionality and Microsoft Entra ID protection Business continuity and cybersecurity: Two sides of the same coin Business continuity and…
-
Ransomware: Many CISOs would pay the ransom
Ransomware cyberattacks remain one of the biggest threats to companies worldwide. What is particularly problematic is not only the stolen data, but above all the consequences for ongoing operations. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/ransomware-cisos-loesegeld-zahlen also interesting: Planning disaster recovery and business continuity effectively CSO on its own behalf: More information with Smart Answers…
-
10 Years of Data Protection under the GDPR: New Challenges from AI
The General Data Protection Regulation (GDPR) has played a central role in the data protection management of German companies since its introduction in 2016. Ten years after it came into force, data protection is firmly anchored in business processes, but the challenges and the effort involved keep increasing. While only 7 percent of companies fully implemented the requirements in 2018, by 2024 it is already……
-
Visibility in network security: From blind spot to controlled defense
The importance of visibility in network security cannot be overstated, since many companies do not fully know their actual device and system landscape, which increases risk. Modern networks consist of IT, OT, IoT and IoMT, which requires complete control and detection of all devices, especially as many devices are unmanaged or hard to patch… First…
-
CypherLoc scam pressures users with browser locks
Tags: unclassified
Security researchers at Barracuda warn of a new form of browser-based fraud attack. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/cypherloc-browser-sperren also interesting: Three steps toward a passwordless future Beyond PHP EOL: An Upgrade Dilemma Metro development server – Remote code execution in Meta's React Native CLI puts developers at risk eco criticizes the BMJV's revival of data retention
-
Streaming services as a gateway: Cybercriminal abuse of private credentials for credential-stuffing attacks on companies
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/streaming-einfallstor-credential-stuffing-angriffe-unternehmen also interesting: Navigating Compliance: Password and Credential Security Cybersecurity Snapshot: Top Advice for Detecting and Preventing AI Attacks, and for Securing AI Systems 13 ways attackers use generative AI to exploit your systems State-affiliated hackers set up for critical OT attacks that operators may not detect
-
GITEX AI EUROPE: Second edition in Berlin from June 30 to July 1, 2026
Tags: ai
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/gitex-ai-europe-30-juni-1-juli-2026-zweiter-auflage-berlin also interesting: AI Is Changing the Face of Fraud – And Fraud Fighting Check Point presents the Quantum Force gateways with AI at CPX 2024 Watch Now: Cyber AI Automation Summit- All Sessions Available On Demand ‘K2 Think’ AI Model Jailbroken Mere Hours After Release
-
Laravel Lang packages hijacked to deploy credential-stealing malware
A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware campaign after attackers abused GitHub version tags to distribute malicious code through Composer packages. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/laravel-lang-packages-hijacked-to-deploy-credential-stealing-malware/ also interesting: Self-propagating worm found in marketplaces for Visual Studio Code extensions How GlassWorm wormed…
-
Daycare children as AI training data? Parents stop controversial research project
Tags: ai
Researchers wanted to film preschool children with body cams for their AI training data. After massive protest, the project was stopped. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/datenschutz/kita-kinder-als-ki-trainingsdaten-eltern-stoppen-umstrittenes-forschungsprojekt-329367.html also interesting: TD Synnex: AI and security top channel technology investments Phishing attack spike fueled by generative AI Whisper Leak uses a side channel attack to eavesdrop on encrypted AI conversations…
-
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
A new “coordinated” supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL. “Although the affected packages were all Composer packages, the malicious code was not added to composer.json,” Socket said. “Instead, it was inserted into package.json, targeting projects that ship…
-
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation. Called staged publishing, the feature is now generally available on npm. It mandates that a human maintainer pass a two-factor authentication…
-
CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack
Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082 within 48 hours of patch release. Drupal issued a highly critical security patch on May 20 for CVE-2026-9082, a SQL injection vulnerability that allows unauthenticated attackers to compromise sites running PostgreSQL databases. The project maintainers warned ahead of the release that exploits could surface within hours or…
-
These special phone and app features can help protect you from spyware
Apple, Meta, and Google offer special security modes that make your devices more secure against targeted spyware attacks. Here is how those modes work, what they do, and how to switch them on. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/23/you-dont-have-to-click-anything-to-get-hacked-anymore-heres-how-to-fight-back/ also interesting: TDL003 – Breaking Barriers: IPv6 Adoption and DNS Transformation with Tommy Jensen…
-
Thorchain founder after billion-dollar loss: “If you actually end up at zero, you shouldn't cry”
Tags: unclassified
First seen on t3n.de Jump to article: t3n.de/news/thorchain-gruender-nach-milliardenverlust-wenn-man-tatsaechlich-bei-null-landet-sollte-man-nicht-weinen-1742909/ also interesting: Speak at TechCrunch Disrupt 2025: Applications now open Certified, and now what? – Finding your way through the jungle of cybersecurity standards IT security – With managed security to a modern and sovereign cyber defense European Data Protection Day 2026 – Why data protection is becoming a question of digital sovereignty
-
The end of cybersecurity? What Anthropic's Claude Mythos Preview means for software
First seen on t3n.de Jump to article: t3n.de/news/cybersecurity-ki-claude-mythos-preview-1742439/ also interesting: ⚡ THN Recap: Top Cybersecurity Threats, Tools and Tips (Dec 2 – 8) Fifteen Best Practices to Navigate the Data Sovereignty Waters Proofpoint buying Hornetsecurity in a play to expand email security scope Trusted Cloud Edge in Practice: Transforming Critical Industries
-
Attack on GitHub via compromised device: Hackers steal 3,800 internal repositories
First seen on t3n.de Jump to article: t3n.de/news/github-hacker-stehlen-repositories-1743454/ also interesting: Hackers Exploit GitHub to Distribute Malware Disguised as VPN Software Hackers Deploy Cobalt Strike Beacon Using GitHub and Social Media After Nx attack: Hackers hijack GitHub accounts and leak private repos AI malware is no longer just theory
-
Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes
Tags: access
Italian authorities have dismantled a piracy ecosystem centered around the CINEMAGOAL app that provided access to various streaming platforms, including Netflix, Disney+, and Spotify. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/legal/italy-disrupts-cinemagoal-piracy-app-that-stole-streaming-auth-codes/ also interesting: 8220 Gang Exploiting Oracle WebLogic Server Flaw To Deploy Cryptominer Unauthorized access at a telecommunications service provider in Ireland? Top 5 Evaluation Criteria…
-
Why pure extortion is replacing traditional ransomware
Ransomware gangs are shifting from encryption to pure extortion, focusing on stolen data, reputational pressure, and stealthier attacks. Ransomware groups are quietly changing strategy in 2026. Instead of encrypting systems and causing immediate disruption, many attackers are now focusing on pure extortion: stealing sensitive data and threatening to leak it publicly if victims refuse to…
-
71 percent of companies were affected by at least one identity theft in the past year
The Sophos report “State of Identity Security 2026” concludes that human error and poor identity management for non-human actors are the main causes of most attacks, while autonomous AI further increases the risk. The survey shows that 71 percent of companies (Germany: 62 percent) suffered at least one identity-related security incident in the past year…
-
Linux kernel vulnerability enables access to sensitive root data
Security researchers at the Qualys Threat Research Unit (TRU) have identified CVE-2026-46333, a vulnerability in the Linux kernel that, under certain conditions, allows the disclosure of sensitive information belonging to privileged processes. The vulnerability is located in the kernel's so-called ptrace access path and can be exploited by locally logged-in users without administrative rights. According to the researchers' findings, it is a race condition…
-
Attacks using artificial intelligence are no longer merely experimental
The “Threat Landscape Digest March to April 2026” from the security researchers at Check Point Research documents several security incidents that together confirm what the industry has long expected: attacks using artificial intelligence have left the experimental phase behind and are now routinely used by criminals. AI-driven attacks have moved from experimental, state-sponsored use…
-
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
Anthropic on Friday disclosed that Project Glasswing has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most “systemically” important software across the world since the cybersecurity initiative went live last month. Project Glasswing is an effort led by the artificial intelligence (AI) company, as part of which a small set of…
-
What the Vercel attack teaches us about modern identity risks
AI tools are changing the way companies work and the way they are attacked. In recent months, a growing number of security incidents have followed a pattern that classic identity governance solutions simply cannot detect. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/vercel-angriff-moderne-identitaetsrisiken also interesting: Why identity security is your best companion for uncharted compliance challenges 8…
-
RondoDox Botnet Exploits Critical 2018 Vulnerability to Hijack ASUS Routers
Cybersecurity firm VulnCheck reveals hackers are using a critical 2018 vulnerability to bypass authentication and hack over a million ASUS routers. First seen on hackread.com Jump to article: hackread.com/rondodox-botnet-2018-vulnerability-hijack-asus-routers/ also interesting: The 2024 cyberwar playbook: Tricks used by nation-state actors Privacy Roundup: Week 1 of Year 2025 RondoDox Botnet Exploits Critical 2018 Vulnerability to Hijack…
-
Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework. The affected packages include: laravel-lang/lang, laravel-lang/http-statuses, laravel-lang/attributes, laravel-lang/actions. “The timing and pattern of the newly published tags First seen on thehackernews.com Jump to article: thehackernews.com/2026/05/laravel-lang-php-packages-compromised.html also interesting: 6 ways hackers…
-
The FBI Wants ‘Near Real-Time’ Access to US License Plate Readers
Plus: Google publishes a live exploit for an unpatched flaw, the feds arrest two men accused of creating thousands of nonconsensual deepfake nudes, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-fbi-license-plate-reader-real-time-access/ also interesting: Cybersecurity Snapshot: Industrial Systems in Crosshairs of Russian Hackers, FBI Warns, as MITRE Updates List of Top Hardware Weaknesses 13…
-
Ghostwriter Is Back, Using a Ukrainian Learning Platform as Bait to Hit Government Targets
Ghostwriter targeted Ukrainian government agencies with phishing emails delivering malware and Cobalt Strike payloads. The Belarus-nexus APT group Ghostwriter (also tracked as UAC-0057 and UNC1151) has resurfaced with a new phishing campaign targeting Ukrainian government organizations. This time the lure is Prometheus, a legitimate Ukrainian online learning platform that many government employees actually use. Using…
-
Ubiquiti Patches Critical UniFi OS Privilege Escalation Flaws
Ubiquiti has released urgent security patches for five critical and high-severity vulnerabilities across its UniFi OS platform, addressing flaws that could allow remote attackers to execute arbitrary commands and escalate privileges on a wide range of UniFi devices. The flaws also span improper access control and path traversal, affecting a broad range of UniFi OS…
-
LiteSpeed cPanel Plugin 0-Day Exploited for Server Root Access
A critical zero-day privilege escalation vulnerability in the LiteSpeed User-End cPanel plugin is being actively exploited in the wild, enabling any authenticated cPanel user to execute arbitrary scripts as root and gain full server control. Tracked as CVE-2026-48172 with a maximum CVSS score of 10.0, the flaw has been patched as of May 21, 2026. The root cause is a logic…
-
Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2026-9082 (CVSS score: 6.5), an SQL injection vulnerability affecting all supported versions of Drupal Core. “Drupal Core First seen on…
-
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root
A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attacker could abuse to run arbitrary scripts with elevated permissions. “Any cPanel user (including an attacker or a compromised account) may First…
-
Hackers Use SEO Poisoning to Fake Gemini CLI, Claude Installers
Financially motivated threat actors are running an active campaign that impersonates Google’s Gemini CLI and Anthropic’s Claude Code, using SEO poisoning to deliver a fileless PowerShell infostealer to developer workstations worldwide. First identified in early March 2026 by EclecticIQ researchers, the campaign represents a calculated escalation in supply-chain-focused eCrime targeting AI developer tooling. The infection…

