Dec 03, 2025Ravie LakshmananMalware / Web3 Security Cybersecurity researchers have discovered a malicious Rust package that’s capable of targeting Windows, […]
Category: Malicious
Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools
Dec 02, 2025Ravie LakshmananAI Security / Software Supply Chain Cybersecurity researchers have disclosed details of an npm package that attempts […]
Malicious VSX Extension “SleepyDuck” Uses Ethereum to Keep Its Command Server Alive
Nov 03, 2025Ravie LakshmananCryptocurrency / Threat Intelligence Cybersecurity researchers have flagged a new malicious extension in the Open VSX registry […]
175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign
Oct 10, 2025Ravie LakshmananCybercrime / Malware Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm […]
Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys
Sep 06, 2025Ravie LakshmananSoftware Security / Cryptocurrency A new set of four malicious packages have been discovered in the npm […]
Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers
Sep 03, 2025Ravie LakshmananMalware / Social Engineering Cybersecurity researchers have discovered two new malicious packages on the npm registry that […]
Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets
Sep 02, 2025Ravie LakshmananCryptocurrency / Malware Cybersecurity researchers have discovered a malicious npm package that comes with stealthy features to […]
Malicious Nx Packages in ‘s1ngularity’ Attack Leaked 2,349 GitHub, Cloud, and AI Credentials
The maintainers of the nx build system have alerted users to a supply chain attack that allowed attackers to publish […]
Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot
Aug 24, 2025Ravie LakshmananMalware / Supply Chain Security Cybersecurity researchers have discovered a malicious Go module that presents itself as […]
Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks
Cybersecurity researchers have discovered a malicious package in the Python Package Index (PyPI) repository that introduces malicious behavior through a […]