"CanisterWorm" supply chain malware attacks npm

A threat actor who stole credentials from a legitimate node package manager (npm) publisher has spread a persistent, worm-like malware across dozens of packages, security firms say. Named CanisterWorm ...

FBI says Iranian hackers are using Telegram to steal data in malware attacks

Hackers working for Iran’s government are using Telegram in hacking operations that use malware to target dissidents, ...
The Hacker News

Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper

Trivy supply chain attack pushed malicious Docker images on March 22, enabling credential theft and worm spread, impacting cloud environments.

Chrome encryption bypass discovered: New malware steals passwords and cookies

The infostealer uses a first‑seen‑in‑the‑wild debugging method to extract Chrome’s decryption key without privilege escalation, raising concerns about the future of browser data security.