Skip to content
Security

Cybercriminals Deploy Fake Open-Source Tool Sites to Distribute SessionGate and RemusStealer

tldr / infosec 20h ago 8

Cybercriminals have launched a large-scale campaign creating professional fake websites that impersonate trusted open-source security tools including Ghidra, dnSpy, and SpiderFoot. When users click download links that appear to point to official GitHub repositories, hidden scripts hijack the request and route it through a Traffic Distribution System that filters victims by geolocation, browser, and IP history. Those who pass the stealth checks are served severe malware families like SessionGate and RemusStealer, which steal credentials, crypto wallets, and two-factor authentication tokens, while bots and analysts may receive benign decoy files. The dynamic gating and use of legitimate CDNs make the campaign exceptionally difficult to detect and track.

Read full article →

More Security

Anthropic embeds engineers in NSA to deploy Mythos for offensive cyber operations

tldr / ai 20h ago 9

Anthropic embedded engineers in the NSA to deploy its unreleased Mythos AI for offensive cyber operations, even as it sues the Pentagon over military AI restrictions.

GitHub scrubs 70+ Microsoft repos as Miasma worm breaks CI/CD pipelines

theregister / security 6h ago 9

GitHub disabled 70+ Microsoft repos in under two minutes after the Miasma worm infected projects via compromised commits, breaking CI/CD pipelines and triggering RCE in developer tools.

Ubiquiti Patches Critical UniFi OS Flaws Enabling Unauthenticated Root RCE

tldr / infosec 20h ago 9

Ubiquiti patched three critical UniFi OS flaws that chain into unauthenticated root RCE with CVSS 10.0 scores, requiring immediate patching and full credential rotation.