Apr 15, 2025Ravie LakshmananSupply Chain Attack / Malware Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package […]
Category: Malicious
Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses
Apr 10, 2025Ravie LakshmananMalware / Cryptocurrency Threat actors are continuing to upload malicious packages to the npm registry so as […]
Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data
Apr 05, 2025Ravie LakshmananMalware / Supply Chain Attack Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) […]
Malicious npm Package Modifies Local ‘ethers’ Library to Launch Reverse Shell Attacks
Mar 26, 2025Ravie LakshmananSupply Chain Attack / Malware Cybersecurity researchers have discovered two malicious packages on the npm registry that […]
Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal
Mar 15, 2025Ravie Lakshmanan Malware / Supply Chain Security Cybersecurity researchers have warned of a malicious campaign targeting users of […]
This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions
Mar 07, 2025Ravie LakshmananMalware / Blockchain Cybersecurity researchers have discovered a malicious Python package on the Python Package Index (PyPI) […]
Malicious PyPI Package “automslc” Enables 104K+ Unauthorized Deezer Music Downloads
Feb 26, 2025Ravie LakshmananMalware / Cryptocurrency Cybersecurity researchers have flagged a malicious Python library on the Python Package Index (PyPI) […]
Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection
Feb 08, 2025Ravie LakshmananArtificial Intelligence / Supply Chain Security Cybersecurity researchers have uncovered two malicious machine learning (ML) models on […]
Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access
Feb 04, 2025Ravie LakshmananVulnerability / Threat Intelligence Cybersecurity researchers have called attention to a software supply chain attack targeting the […]
Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT
Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities […]