Glassworm Strikes Popular React Native Phone Number Packages
Aikido Security researchers recovered and decrypted the full payload chain from two malicious React Native packages. Here's what the malware does and what to look for. Category: Vulnerabilities &…
Read the full articleYou might also wanna read
Glassworm Threat Actor Returns with Unicode-Based Supply Chain Attacks on GitHub, npm, and VS Code
The Glassworm supply chain attack is back. Researchers uncovered malware hidden in invisible Unicode characters across 150+ GitHub repositor
aikido.dev·3mo agoGlassworm Threat Actor Returns with Unicode-Based Supply Chain Attacks on GitHub, npm, and VS Code
The Glassworm supply chain attack is back. Researchers uncovered malware hidden in invisible Unicode characters across 150+ GitHub repositor
aikido.dev·3mo ago
Snyk finds 200+ malicious npm packages, including Cobalt Strike dependency confusion attacks
Snyk recently discovered overt 200 malicious packages in the npm registry. While we acknowledge that vulnerability fatigue is an issue for d
npm Supply Chain Attack: Multiple Popular Packages Hijacked (1B+ Weekly Downloads)
Complete analysis of sophisticated crypto wallet drainer found in 21 npm packages with over one billion weekly downloads. Includes detailed
Glassworm Malware Campaign Targets Developers via npm, PyPI, OpenVSX, and GitHub
A dangerous malware campaign known as Glassworm has been spreading through the tools that software developers trust most every day. By abusi
cybersecuritynews.com·1mo agoGlassWorm: First Self-Propagating Worm Targets VS Code Extensions with Invisible Code
A month after Shai Hulud became the first self-propagating worm in the npm ecosystem, we just discovered the world's first worm targeting VS
MAL-2026-10055: Malicious code in chain-chai-async (npm)
The npm package chain-chai-async version 1.3.5 impersonates the legitimate pino logging library by copying its source files and exporting a

Comments
Sign in to join the conversation.
No comments yet. Be the first.