GlassWorm Malware Uses Solana Dead Drops to Deliver RAT and Steal Browser, Crypto Data

Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft and installing a remote access trojan RAT, which deploys an information-stealing Google Chrome extension masquerading as an offline version of...

MAL-2025-151256 Malicious code in abiba-avbai-abun (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cbbd4d70525ef9c588d299ec4cbca22b05fcb04543e8c7bfb8adf5efdfcab1bb This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-145901 Malicious code in orbit-bellatrix-titan-kronos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a567f1ed8455c1488e6bc4ec30bfc6f16a9ce9fad068780f75d21a0924f3c6c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in mui-nebula-gemini-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0997b9321571e9cd41dfbf04b6b87f0ca2550c498b2cd413ea4b5f0355f24d15 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in promise-ursa-testcafe-spawn (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4e74f0fa1c64ea786e96b6603912346725d9b64ad775fcaf397f28f74b1d7420 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-113992 Malicious code in fit_booby_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c080c35a64e804bab439b8fa494454ae0fbfda338dcd8f908207774b3edf3d13 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nina-tempe10-sluey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 13849d616e73f6582818d9e1d3eabd9a5bbb9280d00375628aa52ecfb11ae5df This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Hackers Distributing Malicious Python Packages via Popular Developer Q&A Platform

In yet another sign that threat actors are always looking out for new ways to trick users into downloading malware, it has come to light that the question-and-answer Q&A platform known as Stack Exchange has been abused to direct unsuspecting developers to bogus Python packages capable of draining...

Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems

The notorious North Korean state-backed hacking group Lazarus uploaded four packages to the Python Package Index PyPI repository with the goal of infecting developer systems with malware. The packages, now taken down, are pycryptoenv, pycryptoconf, quasarlib, and swapmempool. They have been...

Ubuntu 'command-not-found' Tool Could Trick Users into Installing Rogue Packages

Cybersecurity researchers have found that it's possible for threat actors to exploit a well-known utility called command-not-found to recommend their own rogue packages and compromise systems running Ubuntu operating system. "While 'command-not-found' serves as a convenient tool for suggesting...

Malicious code in esqurlget (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx fa464a38cea62cb9bf781c0c7062f12903500568dd0119aa744a1ab2b3b1a3d6 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

Attackers Flood NPM Repository with Over 15,000 Spam Packages Containing Phishing Links

In what's a continuing assault on the open source ecosystem, over 15,000 spam packages have flooded the npm repository in an attempt to distribute phishing links. "The packages were created using automated processes, with project descriptions and auto-generated names that closely resembled one...

Malicious code in websocket-clientt (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 33cf4131351db40feeeab46a20ef29dbf2694a7cfbaf07b5927603a5dd8e4f03 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

Researchers Uncover 3 PyPI Packages Spreading Malware to Developer Systems

A threat actor by the name Lolip0p has uploaded three rogue packages to the Python Package Index PyPI repository that are designed to drop malware on compromised developer systems. The packages – named colorslib versions 4.6.11 and 4.6.12, httpslib versions 4.6.9 and 4.6.11, and libhttps version...

Malware Strains Targeting Python and JavaScript Developers Through Official Repositories

An active malware campaign is targeting the Python Package Index PyPI and npm repositories for Python and JavaScript with typosquatted and fake modules that deploy a ransomware strain, marking the latest security issue to affect software supply chains. The typosquatted Python packages all...

Malicious NPM Packages Target German Companies in Supply Chain Attack

Cybersecurity researchers have discovered a number of malicious packages in the NPM registry specifically targeting a number of prominent media, logistics, and industrial firms based in Germany to carry out supply chain attacks. "Compared with most malware found in the NPM repository, this payloa...

CISA warns of trojanized versions of JavaScript library’s NPM package

By Deeba Ahmed The warning comes days after three rogue packages, okhsa, klow, and klown discovered by DevSecOps firm Sonatype, were removed from the NPM repository. This is a post from HackRead.com Read the original post: CISA warns of trojanized versions of JavaScript librarys NPM package...