Tag

Worm

3 briefs RSS

TeamPCP Leaks Shai-Hulud Worm Source Code, European Governments Seek Secure Messaging Alternatives

The TeamPCP hacking group released the source code of the Shai-Hulud worm impacting npm and PyPI, prompting European governments to seek secure messaging alternatives due to phishing risks and data sovereignty concerns, while historical analysis reveals the Fast16 malware targeted Iran's nuclear program by tampering with simulation software.

Signal +3 TeamPCP open-source worm phishing secure messaging data sovereignty

2r 1t May 21, 2026

critical advisory

Malicious @beproduct/nestjs-auth Package Contains Mini Shai-Hulud Worm (CVE-2026-46412)

2 rules 4 TTPs 6 IOCs

Between May 11th and May 12th of 2026, a threat actor compromised an npm publish token to publish 18 malicious versions of the '@beproduct/nestjs-auth' package (versions 0.1.2 through 0.1.19) containing payloads from the Mini Shai-Hulud npm supply-chain worm campaign that exfiltrated npm tokens, GitHub PATs/OAuth tokens, AWS credentials, and Vault tokens, impacting developer environments.

@beproduct/nestjs-auth +3 supply-chain npm credential-theft exfiltration worm

2r 4t 6i May 19, 2026

high advisory

TCLBanker Banking Trojan Self-Spreads via WhatsApp and Outlook

2 rules 8 TTPs

TCLBanker is a banking trojan targeting 59 financial platforms, spreading via trojanized Logitech AI Prompt Builder installers and worm modules for WhatsApp and Outlook, enabling remote control and data theft.

AI Prompt Builder +3 banking-trojan malware worm self-spreading brazil logitech

2r 8t May 8, 2026