Based on reporting by The Hacker News →
Introduction
It’s one thing to deal with a script kiddie; it’s another to face a criminal operation that ships attack kits via public repos, rents out browser-cloning RATs at a predictable monthly fee, and turns credential theft into an automated pipeline. This week, The Hacker News reported that the attack surface just got smoother—and smaller security teams are the ones who pay.
The problem
According to a report by The Hacker News, this week’s “ThreatsDay Bulletin” documented a supply-chain attack kit leaked to a public repository, a $5,000-per-month remote-access trojan (RAT) capable of cloning browser sessions, and research confirming that AI agents can be socially engineered into leaking real credentials. The bulletin further noted that mule networks now operate with the polish of a SaaS product. These are not isolated, chaotic events—they are indicators of a professionalized criminal ecosystem that treats infrastructure like a subscription service.
Consequences
For any organization running a WordPress site, WooCommerce store, or bespoke web application, the risk is existential. A supply-chain attack kit in a public repo means that even your trusted plugins or themes could deliver a backdoor as part of a routine update. The browser-cloning RAT, priced like enterprise software, puts every authenticated session—admin panels, payment gateways, customer accounts—at risk of instant takeover. And the AI-agent research proves that even automated defenders can be tricked, which means manual oversight is no longer optional; it is the only safety net.