Tsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on Windows

Cybersecurity researchers have warned of an actively expanding botnet dubbed Tsundere that's targeting Windows users. Active since mid-2025, the threat is designed to execute arbitrary JavaScript code retrieved from a command-and-control C2 server, Kaspersky researcher Lisandro Ubiedo said in an...

Malicious code in xo-helios-child-process-pm2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6abf116ef5bd6a77aedf9bcc2b5428a4945e26fbf2e8c0d79a0fccebb457771 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-178613

Malicious code in halley-pm2-semantic-ui-commitlint-config-angular npm...

Malicious code in electron-pm2-toml-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f39fb8a9d75395b1785a187dc32fd7123d42ea214d0d3cd4f9526ff421b0a685 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-178143

Malicious code in leda-pm2-lacerta-speleology npm...

EUVD-2025-176225

Malicious code in standard-saturnology-webpack-pm2 npm...

EUVD-2025-177119

Malicious code in pm2-development-postcss-callback npm...

EUVD-2025-179839

Malicious code in celeste-pm2-xerxes-kuiperbelt npm...

EUVD-2025-179972

Malicious code in brane-pm2-isostasy-jekyll npm...

EUVD-2025-179179

Malicious code in electron-pm2-toml-test npm...

EUVD-2025-179626

Malicious code in commitlint-resolvers-procyon-pm2 npm...

EUVD-2025-179522

Malicious code in cosmos-framework-gacrux-pm2 npm...

EUVD-2025-180184

Malicious code in await-pm2-quito-meteor npm...

EUVD-2025-179031

Malicious code in eslint-postcss-loader-pm2-cressida npm...

MAL-2025-186322 Malicious code in corvus-biohacking-helmet-pm2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a7742a784bbf8e25aef209fb9ada0b1ed98d13ae9a49bfeabd7dd63c78da91c2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-179560

Malicious code in corvus-biohacking-helmet-pm2 npm...

EUVD-2025-180227

Malicious code in auth-pm2-xo-google npm...

EUVD-2025-176962

Malicious code in proxima-hugo-pm2-phoebe npm...

EUVD-2025-177987

Malicious code in lyra-xanthus-csrf-pm2 npm...

Malicious code in zephyr-mongodb-wavefunction-pm2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb6455e842bfed2e45795b6fa4955bfa999151b2b9d2cf8678f31179f7a042f6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...