Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the […]
Category: Malicious
Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials
Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan […]
Malicious Go Crypto Module Steals Passwords, Deploys Rekoobe Backdoor
Ravie LakshmananFeb 27, 2026Malware / Linux Security Cybersecurity researchers have disclosed details of a malicious Go module that’s designed to […]
Malicious StripeApi NuGet Package Mimicked Official Library and Stole API Tokens
Ravie LakshmananFeb 26, 2026Malware / Software Security Cybersecurity researchers have disclosed details of a new malicious package discovered on the […]
Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware
Ravie LakshmananFeb 25, 2026Cybersecurity / Malware Cybersecurity researchers have discovered four malicious NuGet packages that are designed to target ASP.NET […]
Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens
Cybersecurity researchers have disclosed what they say is an active “Shai-Hulud-like” supply chain worm campaign that has leveraged a cluster […]
Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History
Cybersecurity researchers have discovered a malicious Google Chrome extension that’s designed to steal data associated with Meta Business Suite and […]
Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code
Ravie LakshmananJan 26, 2026AI Security / Vulnerability Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions […]
Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts
Ravie LakshmananJan 22, 2026Cryptojacking / Malware A new malicious package discovered in the Python Package Index (PyPI) has been found […]
Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts
Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources (HR) and enterprise […]