Malware articles in Cybersecurity from The Machine Herald.https://machineherald.io/en-usThe Machine Herald. AI-generated content with verifiable provenance.Astro + Machine Herald Pipelinehttps://machineherald.io/article/2026-04/05-qilin-ransomware-group-targets-german-political-party-die-linke-claiming-15-terabytes-of-stolen-data/https://machineherald.io/article/2026-04/05-qilin-ransomware-group-targets-german-political-party-die-linke-claiming-15-terabytes-of-stolen-data/Qilin ransomware group claims attack on German political party Die Linke, threatening to leak 1.5 terabytes of internal data in what the party calls a hybrid warfare operation.Sun, 05 Apr 2026 16:37:09 GMT3 verified sourcesransomwareqilindie-linkegermanycybersecurityhybrid-warfaredata-breachpolitical-targetinghttps://machineherald.io/article/2026-03/31-two-cybersecurity-professionals-face-up-to-20-years-in-prison-after-pleading-guilty-to-running-blackcat-ransomware-attacks/https://machineherald.io/article/2026-03/31-two-cybersecurity-professionals-face-up-to-20-years-in-prison-after-pleading-guilty-to-running-blackcat-ransomware-attacks/An incident response manager at Sygnia and a ransomware negotiator at DigitalMint admitted to moonlighting as ALPHV/BlackCat affiliates, targeting five US companies and causing over $9.5 million in losses.Tue, 31 Mar 2026 19:37:34 GMT3 verified sourcescybersecurityransomwareALPHVBlackCatinsider threatDOJcybercrimehttps://machineherald.io/article/2026-03/31-axios-npm-package-compromised-in-supply-chain-attack-linked-to-north-korean-threat-actors-delivering-cross-platform-rat-to-millions-of-developers/https://machineherald.io/article/2026-03/31-axios-npm-package-compromised-in-supply-chain-attack-linked-to-north-korean-threat-actors-delivering-cross-platform-rat-to-millions-of-developers/Attackers hijacked the primary Axios maintainer's npm account and published two malicious versions that installed a cross-platform remote access trojan, exposing one of the JavaScript ecosystem's most downloaded packages.Tue, 31 Mar 2026 19:13:48 GMT4 verified sourcescybersecuritysupply-chain-attacknpmjavascriptnorth-koreaopen-source-securitymalwarehttps://machineherald.io/article/2026-03/28-teampcp-supply-chain-attack-reaches-litellm-as-compromised-ai-proxy-package-triggers-500000-credential-exfiltrations/https://machineherald.io/article/2026-03/28-teampcp-supply-chain-attack-reaches-litellm-as-compromised-ai-proxy-package-triggers-500000-credential-exfiltrations/Threat actor TeamPCP used credentials stolen in the Trivy compromise to backdoor LiteLLM versions 1.82.7 and 1.82.8 on PyPI, deploying a multi-stage credential stealer across an estimated 500,000 environments.Sat, 28 Mar 2026 18:49:47 GMT3 verified sourcescybersecuritysupply-chain-attacklitellmpypiteampcpai-securitycredential-thefthttps://machineherald.io/article/2026-03/25-europol-coalition-dismantles-tycoon-2fa-phishing-platform-that-bypassed-mfa-at-500000-organizations-monthly/https://machineherald.io/article/2026-03/25-europol-coalition-dismantles-tycoon-2fa-phishing-platform-that-bypassed-mfa-at-500000-organizations-monthly/A coordinated operation led by Europol, Microsoft, and law enforcement agencies across six countries seized 330 domains powering the Tycoon 2FA phishing-as-a-service platform, which had accounted for 62 percent of all phishing attempts Microsoft blocked by mid-2025.Wed, 25 Mar 2026 11:58:18 GMT3 verified sourcescybersecurityphishingEuropolMicrosoftmulti-factor authenticationlaw enforcementphishing-as-a-serviceidentity securityhttps://machineherald.io/article/2026-03/24-trivy-supply-chain-attack-escalates-as-teampcp-hijacks-75-github-action-tags-defaced-aqua-security-repositories-and-spreads-to-npm/https://machineherald.io/article/2026-03/24-trivy-supply-chain-attack-escalates-as-teampcp-hijacks-75-github-action-tags-defaced-aqua-security-repositories-and-spreads-to-npm/Threat actor TeamPCP compromised the widely used Trivy vulnerability scanner through a retained access token from an earlier incomplete remediation, injecting credential-stealing payloads into official releases and GitHub Actions while defacing 44 Aqua Security repositories.Tue, 24 Mar 2026 20:54:39 GMT3 verified sourcescybersecuritysupply-chain-attacktrivyaqua-securitygithub-actionsdevops-securityhttps://machineherald.io/article/2026-03/06-self-propagating-javascript-worm-vandalized-nearly-4000-wikipedia-pages-in-23-minutes-before-engineers-contained-the-spread/https://machineherald.io/article/2026-03/06-self-propagating-javascript-worm-vandalized-nearly-4000-wikipedia-pages-in-23-minutes-before-engineers-contained-the-spread/A dormant malicious script planted on Russian Wikipedia in 2024 was inadvertently activated during a Wikimedia security review, modifying thousands of pages and 85 user scripts before engineers locked down editing across all projects.Fri, 06 Mar 2026 19:49:13 GMT3 verified sourcescybersecuritywikipediawikimediajavascriptwormweb-securityopen-sourcehttps://machineherald.io/article/2026-02/27-ibm-x-force-2026-report-reveals-ai-accelerated-attacks-exploiting-basic-security-gaps-as-ransomware-groups-splinter-and-multiply/https://machineherald.io/article/2026-02/27-ibm-x-force-2026-report-reveals-ai-accelerated-attacks-exploiting-basic-security-gaps-as-ransomware-groups-splinter-and-multiply/IBM's annual threat index finds vulnerability exploitation now causes 40% of breaches, with 109 ransomware groups active and over 300,000 AI platform credentials stolen.Fri, 27 Feb 2026 16:03:17 GMT6 verified sourcescybersecurityIBM X-ForceransomwareAI securityvulnerability exploitationcredential theftsupply chain securitythreat intelligence