Hackers Breach Toptal GitHub, Publish 10 Malicious npm Packages With 5,000 Downloads
Jul 28, 2025Ravie LakshmananMalware / Developer Tools In what's the latest instance…
Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks
Jun 26, 2025Ravie LakshmananOpen Source / Vulnerability Cybersecurity researchers have disclosed a…
New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally
Cybersecurity researchers have flagged a supply chain attack targeting over a dozen…
Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto
As many as 60 malicious npm packages have been discovered in the…
Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials
Cybersecurity researchers have flagged three malicious npm packages that are designed to…
Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times
May 07, 2025Ravie LakshmananSoftware Supply Chain / Malware Cybersecurity researchers have discovered…
Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack
May 03, 2025Ravie LakshmananSupply Chain Attack / Malware Cybersecurity researchers have discovered…
Ripple’s xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack
Apr 23, 2025Ravie LakshmananBlockchain / Cryptocurrency The Ripple cryptocurrency npm JavaScript library…
Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems
Apr 19, 2025Ravie LakshmananLinux / Malware Cybersecurity researchers have uncovered three malicious…