
Search results related to "ThreatIntelligence"

Content containing ThreatIntelligence
Big News! 📣 @Ripple is now contributing high-confidence DPRK threat data through Crypto ISAC helping security teams move from awareness to action. The reality is North Korean threat actors aren’t just attacking crypto, they’re infiltrating it. The latest wave of attacks is shifting away from traditional exploits and toward something harder to detect: trusted access gained through social engineering, recruitment, and long-term deception.
In our new blog with Ripple, we break down:
- How these campaigns operate “from the inside out”
- Why traditional indicators aren’t enough to catch them
- And how shared, enriched threat intelligence is changing the equation
Because in this environment, no single company can see the full picture alone. Read more 👇 #CryptoSecurity# #ThreatIntelligence# #DPRK# #Cybersecurity# #DigitalAssets# #CryptoISAC#
🚨 SlowMist TI Alert 🚨 MistEye has received critical threat intelligence regarding an active supply chain attack compromising node-ipc, a foundational Node.js library. The malicious releases have been identified as versions 9.1.6, 9.2.3, and 12.0.1. Threat actors injected an obfuscated credential-stealing payload into the CommonJS bundle. Once loaded, it silently harvests over 90 categories of developer data—including AWS, Azure, GCP, SSH, K8s tokens, and Terraform states—and exfiltrates it to attacker-controlled infrastructure. We have synchronized this IOC with our clients immediately.
Detection & Remediation: Please urgently audit your environments for exposure:
• Dependencies: Run npm ls node-ipc --all to identify direct or transitive inclusions.
• Lockfiles: Search package-lock.json, yarn.lock, or pnpm-lock.yaml for the affected version ranges.
• CI/CD: Review pipeline jobs executed after May 14, 2026, that may have pulled loose semver updates (~9.1.x, ^12, etc.).
⚠️ Critical Action: If a compromised version was installed, assume certain compromise. Do not wait for exfiltration confirmation. Downgrade to a known safe version immediately and aggressively rotate all credentials, tokens, and environment secrets present on the affected machine or CI runner.
As always, stay vigilant!
🚨 SlowMist TI Alert 🚨 MistEye has monitored threat intelligence regarding a sophisticated supply chain campaign targeting official Checkmarx distribution channels. The attack involved maliciously overwriting tags in the checkmarx/kics Docker Hub repository and injecting remote payload execution logic into specific extension versions, including checkmarx/cx-dev-assist (1.17.0, 1.19.0) and checkmarx/ast-results (2.63.0, 2.66.0). This campaign specifically aims to exfiltrate developer and cloud credentials to obtain GitHub and npm tokens for lateral propagation. Consequently, this propagation has led to the compromise of the @bitwarden/cli@2026.4.0 package, which now contains a malicious file named bw1.js. These IOCs have been synchronized with clients immediately. It is advised to avoid unverified checkmarx/kics Docker images and strictly refrain from using the compromised extension or CLI versions mentioned above. Immediate auditing of development environments and rotation of any potentially exposed credentials or tokens is strongly recommended. As always, stay vigilant!
🚨 SlowMist TI Alert 🚨 MistEye has received threat intelligence from the community regarding an active and highly destructive macOS infostealer known as "MacSync Stealer" (v1.1.2). Threat actors are targeting macOS users to extract sensitive data, including crypto wallets, browser credentials, system Keychains, and infrastructure keys (SSH/AWS/K8s). The malware uses fake AppleScript system dialogs to phish for login passwords and displays a fake "not supported" error after data exfiltration. We have synchronized this IOC with our clients immediately. Please do NOT execute unverified macOS scripts and be extremely cautious of unexpected system password prompts. In the event of a suspected compromise, immediate remediation is critical: rotate all infrastructure credentials (SSH/AWS/K8s), invalidate exposed Keychains, and swiftly migrate cryptocurrency assets to secure wallets. As always, stay vigilant!
🚨 SlowMist TI Alert 🚨 MistEye has received threat intelligence from the community regarding an active social engineering campaign utilizing fraudulent "Harmony Voice" links (harmony-voice[.]app). Threat actors are targeting individuals under the guise of project collaboration, requesting the use of this fake software for real-time translation. We have synchronized this IOC with our clients immediately. Please do NOT click on any harmony-voice[.]app/invite/room/... links, download associated software, or interact with unsolicited testing requests. As always, stay vigilant!