惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

L
LangChain Blog
博客园 - 司徒正美
美团技术团队
WordPress大学
WordPress大学
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
人人都是产品经理
人人都是产品经理
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
T
Troy Hunt's Blog
S
Schneier on Security
T
The Exploit Database - CXSecurity.com
P
Proofpoint News Feed
云风的 BLOG
云风的 BLOG
Engineering at Meta
Engineering at Meta
Cisco Talos Blog
Cisco Talos Blog
T
Tor Project blog
B
Blog
NISL@THU
NISL@THU
月光博客
月光博客
博客园 - 【当耐特】
AWS News Blog
AWS News Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
腾讯CDC
L
Lohrmann on Cybersecurity
The Cloudflare Blog
L
LINUX DO - 最新话题
S
Security @ Cisco Blogs
S
Secure Thoughts
Spread Privacy
Spread Privacy
有赞技术团队
有赞技术团队
The Last Watchdog
The Last Watchdog
Project Zero
Project Zero
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Vercel News
Vercel News
H
Hacker News: Front Page
S
SegmentFault 最新的问题
Schneier on Security
Schneier on Security
aimingoo的专栏
aimingoo的专栏
P
Privacy & Cybersecurity Law Blog
博客园 - 三生石上(FineUI控件)
Forbes - Security
Forbes - Security
C
CXSECURITY Database RSS Feed - CXSecurity.com
I
InfoQ
T
Tailwind CSS Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
G
GRAHAM CLULEY
W
WeLiveSecurity
小众软件
小众软件
Recorded Future
Recorded Future
Cyberwarzone
Cyberwarzone
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org

Aikido Security's Blog

Axios CVE-2026-40175: a critical bug that’s… not exploitable GlassWorm goes native: New Zig dropper infects every IDE on your machine Aikido Attack finds multiple 0-days in Hoppscotch The cybersecurity doomerism around Mythos doesn't match what we see on the ground axios compromised on npm: maintainer account hijacked, RAT deployed Popular telnyx package compromised on PyPI by TeamPCP Aikido × Lovable: Vibe, Fix, Ship CanisterWorm Gets Teeth: TeamPCP's Kubernetes Wiper Targets Iran TeamPCP deploys CanisterWorm on NPM following Trivy compromise Security testing is validating software that no longer exists Aikido Recognized by Frost & Sullivan with the 2026 Customer Value Leadership Award in ASPM GlassWorm Hides a RAT Inside a Malicious Chrome Extension fast-draft Open VSX Extension Compromised by BlokTrooper Glassworm Strikes Popular React Native Phone Number Packages Glassworm Is Back: A New Wave of Invisible Unicode Attacks Hits Hundreds of Repositories How Security Teams Fight Back Against AI-Powered Hackers Introducing Betterleaks, an open source secrets scanner by the author of Gitleaks Trump’s 2026 cybersecurity strategy: From compliance to consequence How does AI pentesting work with compliance? What continuous pentesting actually requires Rare Not Random: Using Token Efficiency for Secrets Scanning Persistent XSS/RCE using WebSockets in Storybook’s dev server Why Determinism Is Still a Necessity in Security WAF vs. RASP vs. ADR Introducing Aikido Infinite: A new model of self-securing software How Aikido secures AI pentesting agents by design Astro Full-Read SSRF via Host Header Injection How to Get Your Board to Care About Security (Before a Breach Forces the Issue) What is Slopsquatting? The AI Package Hallucination Attack Already Happening SvelteSpill: A Cache Deception Bug in SvelteKit + Vercel Top 6 Wiz Code Alternatives Aikido recognized as Platform Leader in Latio Tech's 2026 Application Security Report From detection to prevention: How Zen stops IDOR vulnerabilities at runtime npm backdoor lets hackers hijack gambling outcomes Introducing Upgrade Impact Analysis: When breaking changes actually matter to your code Why Trying to Secure OpenClaw is Ridiculous Claude Opus 4.6 found 500 vulnerabilities. What does this change for software security? Introducing Aikido Expansion Packs: Safer defaults inside the IDE International AI Safety Report 2026: What It Means for Autonomous AI Systems Self-Securing Software: What It Is, Why It Matters, and How It Works npx Confusion: Packages That Forgot to Claim Their Own Name What Is Continuous Pentesting? Introducing Aikido Package Health: a Better Way to Trust Your Dependencies AI Pentesting: Minimum Safety Requirements for Security Testing Secure SDLC for Engineering Teams (+ Checklist) Fake Clawdbot VS Code Extension Installs ScreenConnect RAT G_Wagon: npm Package Deploys Python Stealer Targeting 100+ Crypto Wallets Malicious PyPI Packages spellcheckpy and spellcheckerpy Deliver Python RAT Top 10 AI Security Tools For 2026 Agent Skills Are Spreading Hallucinated npx Commands Understanding Open-Source License Risk in Modern Software The CISO Vibe Coding Checklist for Security Top 6 Graphite alternatives for AI code review in 2026 From “No Bullsh*t Security” to $1B: We Just Raised Our $60m Series B Critical n8n Vulnerability Allows Unauthenticated Remote Code Execution (CVE-2026-21858) Top 14 VS Code Extensions for 2026 AI-Driven Pentesting of Coolify: Seven CVEs Identified Top Continuous Pentesting Tools in 2026 SAST vs SCA: Securing the Code You Write and the Code You Depend On JavaScript, MSBuild, and the Blockchain: Anatomy of the NeoShadow npm Supply-Chain Attack How Engineering and Security Teams Can Meet DORA’s Technical Requirements IDOR Vulnerabilities Explained: Why They Persist in Modern Applications Shai Hulud strikes again - The golden path MongoBleed: MongoDB Zlib Vulnerability (CVE-2025-14847) and How to Fix It First Sophisticated Malware Discovered on Maven Central via Typosquatting Attack on Jackson The Fork Awakens: Why GitHub’s Invisible Networks Break Package Security Top 10 Cyber Security Tools For 2026 SAST in the IDE is now free: Moving SAST to where development actually happens AI Pentesting in Action: A TL;DV Recap of Our Live Demo The Top 7 Threat Intelligence Tools in 2026 React & Next.js DoS Vulnerability (CVE-2025-55184): What You Need to Fix After React2Shell OWASP Top 10 for Agentic Applications (2026): What Developers and Security Teams Need to Know DAST vs Pentesting v AI Pentesting: Why DAST Cannot Replace Modern Pentesting PromptPwnd: Prompt Injection Vulnerabilities in GitHub Actions Using AI Agents Top 7 Cloud Security Vulnerabilities Critical React & Next.js RCE Vulnerability (CVE-2025-55182): What You Need to Fix Now How to Comply With the UK Cybersecurity & Resilience Bill: A Practical Guide for Modern Engineering Teams Shai Hulud 2.0: What the Unknown Wonderer Tells Us About the Attackers’ Endgame SCA Everywhere: Scan and Fix Open-Source Dependencies in Your IDE Safe Chain now enforces a minimum package age before install Shai Hulud Attacks Persist Through GitHub Actions Vulnerabilities Shai Hulud Launches Second Supply-Chain Attack: Zapier, ENS, AsyncAPI, PostHog, Postman Compromised CORS Security: Beyond Basic Configuration Revolut Selects Aikido Security to Power Developer-First Software Security The Future of Pentesting Is Autonomous How Aikido and Deloitte are bringing developer-first security to enterprise Secrets Detection: A Practical Guide to Finding and Preventing Leaked Credentials Invisible Unicode Malware Strikes OpenVSX, Again AI as a Power Tool: How Windsurf and Devin Are Changing Secure Coding Building Fast, Staying Secure: Supabase’s Approach to Secure-by-Default Development OWASP Top 10 2025: Official List, Changes, and What Developers Need to Know Top 10 JavaScript Security Vulnerabilities in Modern Web Apps The Return of the Invisible Threat: Hidden PUA Unicode Hits GitHub repositorties Top 7 Black Duck Alternatives in 2026 What Is IaC Security Scanning? Terraform, Kubernetes & Cloud Misconfigurations Explained AutoTriage and the Swiss Cheese Model of Security Noise Reduction Top Software Supply Chain Security Vulnerabilities Explained The Top 7 Kubernetes Security Tools Top 10 Web Application Security Vulnerabilities Every Team Should Know What Is CSPM (and CNAPP)? Cloud Security Posture Management Explained
Gone Phishin': npm Packages Serving Custom Credential Harvesting Pages
Charlie Eriksen · 2026-01-23 · via Aikido Security's Blog

At 2026-01-20 18:03 UTC, our system started alerting us to a new npm package called flockiali. Within 26 minutes, the attacker published four versions. Two days later, they went on a publishing spree: opresc, prndn, oprnm, and operni. By the time we looked closer, we'd uncovered a highly targeted spear-phishing campaign hitting employees at industrial and energy companies across Europe, the Middle East, and the United States.

And the delivery mechanism? npm + jsDelivr. Because why host your own phishing infrastructure when you can freeload off someone else's CDN?

What we found

The packages contain a single JavaScript file that, when loaded, completely replaces the webpage with a phishing kit. But here's what makes this interesting: each version targets a specific person.

We found five targets across five companies:

  • flockiali v1.2.5 targets someone at CQFD Composites, a French composites manufacturer
  • flockiali v1.2.6 targets someone at Ingeteam, a Spanish wind turbine company
  • opresc v1.0.0 targets someone at Emagine, a UAE EV charging company
  • prndn and oprnm both target the same person at Amixon GmbH, a German industrial mixing company
  • operni v1.2.7 targets someone at CMC America, a US baking equipment company

The attacker isn't spray-and-praying. They're publishing new packages for each target. And when one target is particularly interesting, they publish multiple packages with different delivery paths.

The attack flow

Here's what happens when a victim opens the phishing link.

The page loads showing a fake "Micro-Share" file sharing interface:

📁 Micro-Share
   secure file sharing
   Secure shared documents, kindly verify your email and continue.
   The following documents have been securely shared with [victim]@ingeteam.com

   📄 Specification.pdf
      - RFQ.pdf
      - Project descriptions.pdf
      - equipment's end destination.pdf

                    [ Download ]

The documents are engineering-themed: RFQs, project specifications, CAD files. Exactly what you'd expect someone at an industrial company to receive.

When the victim clicks "Download," the page transitions to a Microsoft-branded login screen:

⊞ Microsoft

Sign in

⚠ Authentication required. Click next to sign in and continue download.

┌────────────────────────────────────────┐
│ [victim]@ingeteam.com                  │  (read-only)
└────────────────────────────────────────┘

No account? Create one
Can't access your account?

                              [ Next ]

The victim's email is already filled in and marked read-only. When they click "Next," they get shipped off to the credential harvesting server:

window.location.href = "https://login.siemensergy[.]icu/DIVzTaSF";

Yep, siemensergy[.]icu. That's a typosquat of Siemens Energy. The attacker clearly did their homework on who their targets do business with.

Anti-bot tricks

The phishing kit isn't messing around. It includes several techniques to avoid automated analysis.

It checks for WebDriver (navigator.webdriver), empty plugin lists, and zero screen dimensions. It filters user-agents matching /bot|crawl|spider|headless|HeadlessChrome/i. It includes honeypot form fields that, if filled by bots, trigger the kill switch. And the download button stays disabled until the page detects mouse movement or touch events. No interaction, no phishing.

v1.2.5 goes further with a surprisingly sophisticated mouse trajectory analyzer:

isLegitimateTrajectory() {
  if (this.mouseTrail.length < 20) return false;
  const t = this.mouseTrail.slice(-10);
  const variance = t.reduce((acc, p) => 
    acc + Math.pow(p.x - t[0].x, 2), 0) / 10;
  return variance > 100;
}

This calculates the variance of the last 10 mouse positions. If your cursor moved in a suspiciously straight line (like a bot would), variance stays low and the button never enables. Real humans wiggle.

Someone put real effort into this phishing kit.

Five packages, five targets, two templates

The payload versions aren't just targeting different people. They use two different phishing kit designs.

The v1.2.5 payload (targeting CQFD Composites) uses a "MicroSecure Pro" brand with a purple gradient and Inter font. It shows CAD files and engineering deliverables as bait, has the sophisticated mouse trajectory analyzer, and sends credentials to oprsys.deno[.]dev.

The rest (v1.2.6, opresc, prndn, oprnm, operni) use a cleaner "Micro-Share" design with white backgrounds and Segoe UI. They show RFQs and project specs, use basic interaction checks, and send credentials to the Siemens Energy typosquats.

The v1.2.5 kit is flashier with animations and gradient backgrounds. The newer kits are more minimal, closer to what Microsoft actually looks like. Maybe the attacker A/B tested and found simpler converts better. Or maybe they're just iterating.

The CMC America payload (operni) has customized document lures for the food industry: "Product specifications and ingredient details", "Production capacity targets and operational parameters". The attacker is tailoring their bait.

What's interesting is the C2 choice. All the recent targets get sent to Siemens Energy typosquats. That's not random. Ingeteam makes wind turbines. Emagine does EV charging infrastructure. Amixon and CMC America make industrial mixing equipment (Amixon even works with battery materials). All operate in markets where Siemens Energy is a major player. The attacker researched their targets' business relationships.

Note the subtle evolution: siemensergy[.]icu (no hyphen) became siemens-energy[.]icu (with hyphen). The second variant is closer to the real siemens-energy[.]com domain. We confirmed via DNS that the no-hyphen domain has no records at all. The attacker abandoned it.

The infrastructure tells a story

Here's where it gets interesting. We used certificate transparency logs to look at when the C2 infrastructure was set up. The first SSL cert for *.siemens-energy[.]icu was issued on October 24, 2025. Then renewals on January 14, 16, and 17. The npm campaign started January 20.

The attacker registered the domain and got SSL certs three months before the npm packages appeared. Let that sink in. This isn't opportunistic. Someone planned this operation, set up infrastructure in October 2025, and then waited.

The C2 server (163.123.236[.]118) is hosted by RackGenius, a small hosting provider in Muskegon, Michigan. Meanwhile, the older v1.2.5 payload uses oprsys.deno[.]dev, which resolves to Google Cloud infrastructure (Deno Deploy). Free serverless hosting for phishing. Classic. We notified the Deno team about this campaign when we observed it, and they were very quick in taking it down. 

Why npm + jsDelivr?

The package.json tells the story:

{
  "keywords": ["jsdelivr", "cdn", "template"],
  "main": "resp/template.min.js"
}

jsDelivr automatically mirrors npm packages. Publish to npm, get instant CDN hosting at cdn.jsdelivr[.]net/npm/flockiali@1.2.6/resp/template.min.js. No servers to maintain, no hosting to pay for, and the victim sees a legitimate-looking CDN URL instead of a sketchy phishing domain.

The timeline

January 20th (four versions in 26 minutes):

  • 18:03 UTC: flockiali v1.2.3 (empty placeholder)
  • 18:10 UTC: flockiali v1.2.4 (metadata update)
  • 18:15 UTC: flockiali v1.2.5 (CQFD Composites target)
  • 18:29 UTC: flockiali v1.2.6 (Ingeteam target)

January 22nd (five more packages):

  • 09:52 UTC: opresc v1.0.0 (Emagine target)
  • 12:29 UTC: prndn v1.0.0 (Amixon target)
  • 12:49 UTC: oprnm v1.0.0 (Amixon again)
  • 13:11 UTC: operni v1.2.6 (broken, empty)
  • 13:16 UTC: operni v1.2.7 (CMC America target)

The attacker has a list of targets and they're working through it. The Amixon employee got two packages 20 minutes apart (overkill, much?). The CMC America package had a typo (reps/ instead of resp/) and a broken first version. Oops. This attacker is moving fast and making mistakes.

What should you do?

If you're at one of the targeted companies, check if anyone received links to jsDelivr URLs or clicked anything related to "Micro-Share" document sharing.

Search email logs for links containing cdn.jsdelivr[.]net/npm/flockiali, cdn.jsdelivr[.]net/npm/opresc, cdn.jsdelivr[.]net/npm/prndn, cdn.jsdelivr[.]net/npm/oprnm, or cdn.jsdelivr[.]net/npm/operni. Block the IOC domains at your perimeter. If credentials were entered, rotate them immediately.

Indicators of Compromise

C2 domains:

  • login.siemens-energy[.]icu (163.123.236[.]118, RackGenius)
  • login.siemensergy[.]icu (abandoned, no DNS)
  • oprsys.deno[.]dev (34.120.54[.]55, Deno Deploy)

Phishing URLs:

  • https://login.siemensergy[.]icu/DIVzTaSF
  • https://login.siemens-energy[.]icu/DIVzTaSF

jsDelivr URLs:

  • hxxps://cdn.jsdelivr[.]net/npm/flockiali@1.2.6/resp/template.min.js
  • hxxps://cdn.jsdelivr[.]net/npm/flockiali@1.2.5/resp/template.min.js
  • hxxps://cdn.jsdelivr[.]net/npm/opresc@1.0.0/resp/template.min.js
  • hxxps://cdn.jsdelivr[.]net/npm/prndn@1.0.0/template.min.js
  • hxxps://cdn.jsdelivr[.]net/npm/oprnm@1.0.0/resp/template.min.js
  • hxxps://cdn.jsdelivr[.]net/npm/operni@1.2.7/reps/template.min.js

Packages:

  • flockiali (1.2.3-1.2.6)
  • opresc (1.0.0)
  • prndn (1.0.0)
  • oprnm (1.0.0)
  • operni (1.2.6-1.2.7)

Payload hashes (SHA256):

  • 3ceb182fb32a8fb0f0fcf056d6ab8de1cf6e789053f1aadc98ba315ae9a96f0c – flockiali 1.2.6
  • fdb6c79a8d01b528698c53ebd5030f875242e6af93f6ae799dee7f66b452bf3e – flockiali 1.2.5
  • 4631584783d84758ae58bc717b08ac67d99dee30985db18b9d2b08df8721348e – opresc
  • 211f88a55e8fe9254f75c358c42bb7e78e014b862de7ea6e8b80ed1f78d13add – prndn/oprnm
  • 7d7f795ac1fcb5623731a50999f518877fd423a5a98219d0f495c488564a1554 – operni 1.2.7

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。