All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Glassworm Strikes Popular React Native Phone Number Packages

Aikido Security researchers recovered and decrypted the full payload chain from two malicious React Native packages. Here's what the malware does and what to look for. Category: Vulnerabilities &…

Read the full article
3mo ago

You might also wanna read

Glassworm Threat Actor Returns with Unicode-Based Supply Chain Attacks on GitHub, npm, and VS Code

The Glassworm supply chain attack is back. Researchers uncovered malware hidden in invisible Unicode characters across 150+ GitHub repositor

aikido.dev·3mo ago

Glassworm Threat Actor Returns with Unicode-Based Supply Chain Attacks on GitHub, npm, and VS Code

The Glassworm supply chain attack is back. Researchers uncovered malware hidden in invisible Unicode characters across 150+ GitHub repositor

aikido.dev·3mo ago

Snyk finds 200+ malicious npm packages, including Cobalt Strike dependency confusion attacks

Snyk recently discovered overt 200 malicious packages in the npm registry. While we acknowledge that vulnerability fatigue is an issue for d

Snyk·4y ago

npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)

Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed

safedep.io·10mo ago

Glassworm Malware Campaign Targets Developers via npm, PyPI, OpenVSX, and GitHub

A dangerous malware campaign known as Glassworm has been spreading through the tools that software developers trust most every day. By abusi

cybersecuritynews.com·1mo ago

GlassWorm: First Self-Propagating Worm Targets VS Code Extensions with Invisible Code

A month after Shai Hulud became the first self-propagating worm in the npm ecosystem, we just discovered the world's first worm targeting VS

koi.ai·8mo ago

MAL-2026-10055: Malicious code in chain-chai-async (npm)

The npm package chain-chai-async version 1.3.5 impersonates the legitimate pino logging library by copying its source files and exporting a

radar.offseq.com·18h ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.