Aikido Security and Socket have disclosed that several packages in the Laravel-Lang PHP ecosystem were compromised and used to ship a ~5,900-line PHP credential stealer that runs automatically the moment any consumer of the package boots. The dropper registers itself in composer.json under autoload.files, so no class instantiation or method call is needed - the payload triggers on every PHP request. It harvests AWS, Azure, GCP, Kubernetes, HashiCorp Vault, Jenkins, GitLab, GitHub Actions, CircleCI, browser data, password-manager vaults, SSH keys, crypto wallets, and VPN configs, then AES-encrypts the bundle and exfiltrates it to flipboxstudio[.]info/exfil. The script then deletes itself to limit forensic recovery.
Socket and StepSecurity confirmed three malicious node-ipc releases (9.1.6, 9.2.3, 12.0.1, with 12.0.1 tagged as 'latest') uploaded to npm on May 14, 2026 by the co-maintainer account 'atiertant'. Each version carries a byte-identical 80KB obfuscated payload appended as an IIFE to node-ipc.cjs, so it fires on every require('node-ipc') without using install scripts. The malware fingerprints the host, sweeps for 100+ credential and config targets, archives them, and exfiltrates via DNS rather than HTTP. Permiso's Ian Ahl traced the likely attack chain: the maintainer's recovery domain atlantis-software[.]net expired in Jan 2025, was re-registered by an attacker on May 7, 2026, then used to reset the npm password.
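Both incidents above rely on code that runs at load time with no call from the application (Composer's autoload.files and an IIFE in the package entry point), so a lockfile audit is the quickest defender check. The following is an added example, not code from either disclosure: it flags node-ipc pins at the three versions named above and lists every installed Composer package that registers autoload.files; the lockfile and installed.json contents are constructed samples.

```python
"""Audit lockfiles for the two load-time execution patterns described above."""
import json

# node-ipc releases named in the disclosure above.
MALICIOUS_NODE_IPC = {"9.1.6", "9.2.3", "12.0.1"}


def node_ipc_hits(lock: dict) -> list:
    """Return sorted (install path, version) pairs for node-ipc copies pinned to a
    malicious release. Reads package-lock v2/v3 ('packages', flat paths) and
    v1 ('dependencies', nested); v2 carries both, so results are de-duplicated."""
    hits = set()
    for path, meta in lock.get("packages", {}).items():
        if path.rsplit("node_modules/", 1)[-1] == "node-ipc" \
                and meta.get("version") in MALICIOUS_NODE_IPC:
            hits.add((path, meta["version"]))

    def walk(deps: dict, prefix: str) -> None:
        for name, meta in deps.items():
            path = f"{prefix}node_modules/{name}"
            if name == "node-ipc" and meta.get("version") in MALICIOUS_NODE_IPC:
                hits.add((path, meta["version"]))
            walk(meta.get("dependencies", {}), path + "/")

    walk(lock.get("dependencies", {}), "")
    return sorted(hits)


def composer_autoload_files(installed) -> dict:
    """Map package name -> files Composer require()s on every boot, taken from
    vendor/composer/installed.json (Composer 2 wraps the list in 'packages';
    Composer 1 is a bare list). Every entry is code that runs before the
    application instantiates anything, so each one deserves review."""
    pkgs = installed.get("packages", []) if isinstance(installed, dict) else installed
    return {p["name"]: p["autoload"]["files"]
            for p in pkgs if p.get("autoload", {}).get("files")}


# Constructed sample inputs (not real lockfiles from the incidents).
SAMPLE_PACKAGE_LOCK = {"lockfileVersion": 3, "packages": {
    "": {"name": "app", "version": "1.0.0"},
    "node_modules/node-ipc": {"version": "12.0.1"},
    "node_modules/other/node_modules/node-ipc": {"version": "9.2.2"}}}
SAMPLE_INSTALLED_JSON = {"packages": [
    {"name": "vendor-a/locale-strings", "version": "1.0.0",  # constructed name
     "autoload": {"psr-4": {"A\\": "src/"}, "files": ["src/helpers.php"]}},
    {"name": "vendor-b/plain", "version": "2.0.0",
     "autoload": {"psr-4": {"B\\": "src/"}}}]}

if __name__ == "__main__":
    print(json.dumps({"node_ipc": node_ipc_hits(SAMPLE_PACKAGE_LOCK),
                      "autoload_files": composer_autoload_files(SAMPLE_INSTALLED_JSON)}, indent=2))
```

Point the two functions at a real package-lock.json and vendor/composer/installed.json by loading them with json.load; an autoload.files entry is not malicious by itself, but it is where a payload like the one above would hide.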
BleepingComputer and The Hacker News disclosed a new credential-stealing worm called PCPJack that hunts and removes the well-established TeamPCP malware family before installing itself - the first observed case of one cybercrime operation systematically displacing another at scale. PCPJack exploits five separate vulnerabilities to spread worm-like across cloud and Linux environments, then steals SSH keys, AWS credentials, GitHub tokens, and other secrets. Operators replace TeamPCP files in place rather than just disabling them, suggesting an attempt to inherit TeamPCP's existing victim base. The pattern signals a maturing cybercrime market.
BleepingComputer reports a fake Claude AI website is delivering a previously undocumented Windows malware called Beagle. The site impersonates Anthropic's Claude with a near-perfect clone of the official UI; visitors who click 'Download for Windows' get a Beagle installer rather than the legitimate Claude desktop app (Anthropic distributes Claude through claude.ai and the Mac App Store, not standalone Windows installers). Beagle harvests credentials from browsers, cryptocurrency wallets, Discord tokens, and SSH keys. Distribution is via Google Ads on Claude-related search terms - the same paid-placement abuse pattern hitting GoDaddy ManageWP, AWS, and Notion.