ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15+ Stories

This week didn’t produce one big headline. It produced many small signals — the kind that quietly shape what attacks will look like next. Researchers tracked intrusions that start in ordinary places: developer workflows, remote tools, cloud access, identity paths, and even routine user actions...

EUVD-2025-117029

Malicious code in thin-copper-leopard npm...

EUVD-2025-117463

Malicious code in creepy-copper-leopard npm...

Malicious code in exclusive-amaranth-leopard (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8360dffed6c70e9c222c697a15ab756366193c77dff4a7f17660630761ee9db0 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-117400

Malicious code in exclusive-amaranth-leopard npm...

Malicious code in cuddly_leopard_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1751fb34483a525f4d62fa0cd17f65d6fd8a3b1930be3aa763b414e1585aff96 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-102700

Malicious code in recentleopardz3n npm...

EUVD-2025-100174

Malicious code in cuddlyleopardz3n npm...

EUVD-2025-98867

Malicious code in femaleleopardz3n npm...

EUVD-2025-95725

Malicious code in protectiveleopardz3n npm...

EUVD-2025-104679

Malicious code in historicleopardz3n npm...

EUVD-2025-105992

Malicious code in conventionalleopardz3n npm...

Malicious code in parallel_leopard_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 601d6045f708848555985fc75e991ef1ca581ecebf3ac95457c4c47e38c9d670 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-96533

Malicious code in marriedleopardz3n npm...

EUVD-2025-95858

Malicious code in parallelleopardz3n npm...

EUVD-2025-92872

Malicious code in chiefleopardz3n npm...

Malicious code in varying_leopard_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c081730e57989df72eb1ac98835cf157bc911378d880837e66ad987d37d31351 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-88111

Malicious code in varyingleopardz3n npm...

EUVD-2025-91817

Malicious code in foreignleoponz3n npm...

EUVD-2025-92611

Malicious code in definiteleopardz3n npm...