Cybersecurity researchers have flagged a “coordinated malware campaign” on the JetBrains Marketplace that has published no less than 15 malicious […]
Category: Malicious
Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of […]
Malicious npm Package Stole Files From Claude AI User Directory via GitHub
Ravie LakshmananMay 27, 2026Threat Intelligence / Supply Chain Attack Cybersecurity researchers have discovered a new malicious package on the npm […]
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
Ravie LakshmananMay 18, 2026Supply Chain Attack / Botnet Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one […]
Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
Ravie LakshmananApr 22, 2026Cloud Security / Software Security Cybersecurity researchers have warned of malicious images pushed to the official “checkmarx/kics” […]
108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
Ravie LakshmananApr 14, 2026Data Theft / Browser Security Cybersecurity researchers have discovered a new campaign in which a cluster of […]
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
Ravie LakshmananApr 05, 2026Malware / DevSecOps Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised […]
Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks
Ravie LakshmananMar 27, 2026Software Security / DevSecOps Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX’s pre-publish […]
Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets
Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the […]
Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials
Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan […]