Cybersecurity

Famous Chollima Hackers Target PHP Developers Using Compromised Packagist Package

31 sec read9 views0 listens

A sophisticated attack campaign is targeting PHP developers by embedding malware within a legitimate package on Packagist, a primary repository for PHP dependencies. The malware is cleverly hidden in a configuration file, making it difficult to detect during code reviews, and it fetches payloads from public blockchain services to evade traditional command-and-control detection. Developers must exercise extreme caution with dev branches and unfamiliar build instructions, as this method bypasses typical security measures by leveraging trusted developer workflows.

Read the full article at Cyber Security News

Want to create content about this topic? Use Nemati AI tools to generate articles, social posts, and more.

Security Affairs newsletter Round 575 by Pierluigi Paganini - INTERNATIONAL EDITION

Here are the key points from the Security Affairs newsletter: Major Linux vulnerability: A critical flaw affecting all major Linux distributions was discovered that could allow root access with just 732 bytes of code. GitHub RCE vulnerability (CV...

Ali Nemati

CybersecurityApr 824 sec read

ExDoS: Expert-Guided Dual-Focus Cross-Modal Distillation for Smart Contract Vulnerability Detection

Researchers have developed ExDoS, a new technique for detecting vulnerabilities in smart contracts by transferring semantic knowledge from source code to bytecode, addressing the challenge of analyzing closed-source contracts. This approach uses dual...

alinemati1983-6987

CybersecurityFeb 2330 sec read

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

Cybersecurity researchers have uncovered a "Shai-Hulud-like" supply chain worm campaign named SANDWORM_MODE that uses at least 19 malicious npm packages to steal credentials and cryptocurrency keys. This attack highlights the ongoing risks in softwar...

Ali Nemati

Cybersecurity11 hours ago34 sec read

Everest Ransomware Attack on VVO Finance in Germany

German financial services firm VVO Finance was targeted by the Everest ransomware group on May 28, 2026, resulting in a threat to release sensitive corporate data. This attack highlights the necessity for cybersecurity teams to conduct immediate comp...

Ali Nemati

CybersecurityMay 2034 sec read

House Homeland Dems request CISA briefing amid report of leaked agency credentials

House Homeland Security Committee members are demanding an immediate briefing from CISA following reports that a government contractor leaked sensitive AWS GovCloud credentials and internal system data on a public GitHub repository. This security fai...

Ali Nemati

Famous Chollima Hackers Target PHP Developers Using Compromised Packagist Package

Related Articles

Security Affairs newsletter Round 575 by Pierluigi Paganini - INTERNATIONAL EDITION

ExDoS: Expert-Guided Dual-Focus Cross-Modal Distillation for Smart Contract Vulnerability Detection

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

Everest Ransomware Attack on VVO Finance in Germany

House Homeland Dems request CISA briefing amid report of leaked agency credentials