BBLabs NewsBBLabs News
NewsAll articlesTopics
ES
Live·36 d ago·Malicious npm targets Claude AI user directory
31 articles·4 streams
BBLabs News · EN

One technical cybersecurity story a day. Zero noise.

Technical newsletter de ciberseguridad. Una historia al día sobre CVEs críticos, brechas, bug bounty e IA. Filtrado por IA, escrito para humanos.

Browse all articlesVersión en español
Destacado
IA4 jun 2026·2 min

Malicious npm targets Claude AI user directory

npm package `mouse5212-super-formatter` exfiltrates files from Claude AI's user data directory to GitHub.

  • Audit global npm dependencies with `npm ls -g` to catch unknown packages.
  • Review `/mnt/user-data` contents and treat any sensitive files there as compromised.
  • Block unexpected outbound traffic to `api.github.com` from dev processes in your SIEM.
Gorka El Bochi Morillo
Leer artículo
Ciberataques4 jun 2026·2 min

Megalodon malware hits 5,500+ GitHub repos in 6 hours

Megalodon malware pushed malicious commits to 5,500+ GitHub repos in six hours, stealing developer credentials and secrets.

Leer artículo
IA3 jun 2026·2 min

ChatGPhish: how ChatGPT web summaries become phishing lures

ChatGPT's web summary renderer trusts external Markdown, enabling indirect prompt injection attacks that deliver phishing links inside trusted AI responses.

Leer artículo
Ciberataques3 jun 2026·2 min

JINX-0164 hits crypto firms with fake recruiter macOS malware

JINX-0164 uses fake recruiter lures to deploy custom macOS malware against crypto firms and steal digital assets.

Leer artículo
IA2 jun 2026·2 min

Claude Mythos goes public: what the security delay means

Anthropic confirms Mythos-class Claude models will reach the public after a delay over software security risks.

Leer artículo
IA1 jun 2026·1 min

GreyVibe uses ChatGPT & Gemini to power cyberattacks

Russian-linked GreyVibe cluster weaponizes ChatGPT and Gemini to generate phishing lures targeting Ukrainian organizations.

Leer artículo
Ciberataques1 jun 2026·2 min

Dutch police arrest admins of bulletproof hosting used by Russian hackers

Dutch authorities arrested two admins of a bulletproof hosting service — infrastructure that ignores legal takedown requests — used by Russia-aligned threat actors.

Leer artículo
CVE1 jun 2026·2 min

Microsoft removes GitHub account over public zero-day drops

Microsoft removes GitHub account of researcher who publicly dropped zero-days without coordinated disclosure, then publicly endorses CVD.

Leer artículo
Ciberataques31 may 2026·2 min

Dutch police seize 200+ servers, kill 17M-device botnet

Dutch police take down a 17-million-device botnet and seize 200+ servers from a local hosting provider.

Leer artículo
BBLabs NewsBBLabs News

BBLabs News

Una historia al día. Cero ruido.

Newsletter técnica de ciberseguridad. Una historia al día sobre CVEs críticos, brechas, bug bounty e IA. Filtrado por IA, escrito para humanos.

Producto

  • Hemeroteca
  • Ediciones
  • Temas
  • Glosario
  • RSS
  • Atom
  • JSON Feed

Editorial

  • Acerca de
  • Suscribirse
  • Cuenta
  • English

Legal

  • Privacidad
  • Términos
  • Contacto: team@bblabs.es

Conectar

  • YouTube · @0xGorka
  • Instagram · @bblabs.es
  • Discord BBLabs
  • Discord Bug Bounty ES
31 artículos·10 ediciones·Desde 2026·Hecho en España
© 2026 BBLabs News·Por Gorka El Bochi