Appears on
Articles33
Cybersecurity Startup Publishes Infostealers to NPM
Typosquatted AI-tool packages quietly collected git, SSH, and cloud identity data through install scripts, tracing back to one unexpected publisher
IndonesianFoods Worm Publishes 86,000+ Malicious NPM Packages
NPM was flooded with junk packages that waste infrastructure resources, pollute search results, and creates supply chain risks if devs accidentall consume them.
DPRK Contagious Interview Malware Weaponizes Microsoft VSCode Tasks
Lazarus Group evolves their developer-focused campaign to hide malware in VS Code tasks.json files
Elf-Stats NPM Christmas Spam Campaign
This campaign includes 36 individual packages spread across 23 different NPM users.
DPRK Malware Hiding in Microsoft VSCode Dictionary Files
North Korean threat actors are hiding multi-stage malware droppers in VSCode configuration files, disguised as spell-check dictionaries.
A Comprehensive Analysis of DPRK's Contagious Interview
A single NPM package that led us to the Lazarus Groups latest campaign targeting software engineers using fake recruiters on LinkedIn, Fiverr and UpWork.
Small Open-Source Maintainers Targeted by VS Code Tasks Malware
At least 21 small OSS maintainers hit in 72 hours via malicious VS Code task configurations
DPRK Contagious Interview “Fake Font” Abuses VS Code Tasks
“Lazarus Group's Fake Font campaign abuses VS Code task automation to silently execute BeaverTail malware, delivering the InvisibleFerret backdoor”
Malicious ClawHub Skills Target OpenClaw Users
Malicious ClawdBot skills target ByBit, Polymarket, Axiom, Reddit and LinkedIn, installing malware on unsuspecting OpenClaw user machines.
Malicious ClawHub Skills Use External Websites to Hide in Plain Sight
Threat actors evolved ClawHub malware by moving payloads to convincing fake websites, allowing them to completely circumvent VirusTotal scans.
XPACK Malware Disguises Cryptocurrency Extortion as NPM Package Monetization
A malware campaign weaponizes npm to extort crypto payments from developers during package installation
Neutralinojs Compromised In DPRK Attack
DPRK threat actors compromised Neutralinojs as part of a larger attack that utilizes stolen GitHub credentials to force-push backdated malicious commits
GlassWorm Invades GitHub, NPM, VS Code, and Python
The latest Glassworm attack compromised 430+ GitHub projects by leveraging four different ecosystems
TeamPCP Defaces Aqua Security’s Internal GitHub Org
TeamPCP compromised the aquasec-com GitHub organization, renaming all 44 repositories and exposing internal source code, CI/CD configs, and knowledge bases.
TeamPCP Hijacks LiteLLM's PyPI Package
TeamPCP compromised the LiteLLM maintainer's PyPI account and published malicious versions that steal credentials from every Python process on the host.
Malicious Transitive Dependency in Axios Affects Millions of Users
The Axios NPM package has been compromised and the maintainer of the project has been locked out of their account. This will go down in history as one of the
TasksJacker DPRK Attack Compromises GitHub Users Via VS Code Tasks
A technical deep-dive into the next generation of DPRK attacks that borrows from Shai-hulud and Contagious Interview to compromise dozens of GitHub users
Has TeamPCP Pivoted To Using The PureHVNC RAT?
New threat campaign using PureHVNC has been tied to TeamPCP.
Hundreds of GitHub Repos Compromised By DPRK's PolinRider Campaign
Lazarus Group compromises GitHub repositories by implanting a malicious, obfuscated JavaScript payload.
Velora (formerly ParaSwap) SDK Version 9.4.1 Compromised And Installing Malware
The npm package @velora-dex/sdk version 9.4.1 contains malicious code that automatically downloads and executes a shell script from a remote server when the
