11 matches found

The Hacker News
added 2026/03/14 12:55 p.m., 6 views

GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers

Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a "significant escalation" in how it propagates through the Open VSX registry. "Instead of requiring every malicious listing to embed the loader directly, the threat actor is now abusing...

AI score: 6
Exploits: 0

Microsoft Secure
added 2026/02/24 5:28 p.m., 10 views

Developer-targeting campaign using malicious Next.js repositories

Microsoft Defender Experts identified a coordinated developer-targeting campaign delivered through malicious repositories disguised as legitimate Next.js projects and technical assessment materials. Telemetry collected during this investigation indicates the activity aligns with a broader cluster...

AI score: 6.6
Exploits: 0

Snyk
added 2025/11/30 1:14 p.m., 1 view

Malicious Package

Overview node-tailwind is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. On...

CVSS: 9.8, AI score: 7.2
Exploits: 0, References: 3

The Hacker News
added 2025/07/15 7:17 a.m., 11 views

North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign

The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing another set of 67 malicious packages to the npm registry, underscoring ongoing attempts to poison the open-source ecosystem via software supply chain attacks. The packages, per Socket, have...

AI score: 7
Exploits: 0

The Hacker News
added 2024/03/26 4:54 p.m., 33 views

Sketchy NuGet Package Likely Linked to Industrial Espionage Targets Developers

Threat hunters have identified a suspicious package in the NuGet package manager that's likely designed to target developers working with tools made by a Chinese firm that specializes in industrial- and digital equipment manufacturing. The package in question is SqzrFramework480, which...

AI score: 7.4
Exploits: 0

OSSF Malicious Packages
added 2023/09/22 12:0 a.m., 3 views

Malicious code in pykooler (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 62467741e97dcaabf79c3644575f93878d1abbf8757c6b67610de40e566ccd4f Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...

AI score: 7
Exploits: 0, References: 1

OSSF Malicious Packages
added 2023/09/18 12:0 a.m., 2 views

Malicious code in pylioner (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx fc1b84bc437c3cc8804d2ce8eb8462c86b41882106840bf09fbad261fb6a0bb5 Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...

AI score: 7
Exploits: 0, References: 1

OSSF Malicious Packages
added 2023/05/17 12:0 a.m., 2 views

Malicious code in pywhool (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 54738d1aef580f087fec1311b411aa6ddd2d7affb4b44353dd7f3d6a569a0ed9 Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...

AI score: 7
Exploits: 0, References: 4

OSSF Malicious Packages
added 2023/05/13 12:0 a.m., 2 views

Malicious code in pywool (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 1ba602a97accda8e614fcf38d1af1cb7f1878bf2bd450b21f1be16a4c260123a Malicious packages campaign targeting developers, payload is hidden using Steganography, exfiltrate host information...

AI score: 7
Exploits: 0, References: 4

OSV
added 2023/02/23 12:0 a.m., 7 views

MAL-2023-7996 Malicious code in @pagseguro/nest (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx b16a70a89161283b99538bb25fdbaecc235a75a73c7a471c98ad831fc08a7cdf Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

AI score: 7.4
Exploits: 0, References: 1

ThreatPost
added 2017/03/30 2:29 p.m., 8 views

Github Repository Owners Targeted by Data-Stealing Malware

Phishing emails zeroing in on developers who own Github repositories were infecting victims with malware capable of stealing data through keyloggers and modules that would snag screenshots. Researchers at Palo Alto Networks this week said that in mid-January, an unknown number of developers were...

AI score: 7.2
Exploits: 0, References: 1