Supply-Chain

Amazon_web_services

UNC6426 Uses nx npm Supply Chain Attack to Obtain AWS Admin Access Within 72 Hours

Cybersecurity investigators have revealed that a threat actor identified as UNC6426 successfully breached a company’s cloud infrastructure within 72 hours by abusing credentials stolen during a software supply chain compromise involving the Nx npm package. According to findings published in the Google Cloud Threat Horizons Report H1 2026, the attacker initially obtained a developer’s GitHub token. This credential enabled […]

UNC6426 Uses nx npm Supply Chain Attack to Obtain AWS Admin Access Within 72 Hours Read More »

Five Malicious

Five Malicious Rust Crates and AI Bot Abuse CI CD Pipelines to Steal Developer Secrets

Security researchers have uncovered a group of malicious packages written in the Rust programming language that were uploaded to the official Rust package registry crates.io. These packages were disguised as utilities designed to manage or synchronize system time but were actually created to steal sensitive developer data. The five malicious crates identified are: According to researchers from Socket, the

Five Malicious Rust Crates and AI Bot Abuse CI CD Pipelines to Steal Developer Secrets Read More »

Malicious npm Package Disguised as OpenClaw Installer Installs RAT and Steals macOS Credentials

Cybersecurity researchers have identified a malicious npm package that pretends to be an installer for OpenClaw but actually deploys a remote access trojan and steals sensitive information from macOS systems. The package, called @openclaw-ai/openclawai, was uploaded to the npm registry on March 3, 2026 by a user named “openclaw-ai”. Security researchers observed that the package had

Malicious npm Package Disguised as OpenClaw Installer Installs RAT and Steals macOS Credentials Read More »

Malicious Laravel Packages on Packagist Deliver RAT Across Windows, macOS, and Linux

Cybersecurity researchers have uncovered malicious PHP packages on Packagist that impersonate legitimate Laravel utilities while secretly deploying a cross platform remote access trojan capable of running on Windows, macOS, and Linux systems. The packages, published under the vendor namespace nhattuanbl, include: According to findings from Socket, the lara-swagger package does not directly contain malicious code. Instead,

Malicious Laravel Packages on Packagist Deliver RAT Across Windows, macOS, and Linux Read More »

North Korean Hackers Release 26 Malicious npm Packages Concealing Pastebin C2 for Cross-Platform RAT

Cybersecurity researchers have uncovered a fresh wave of the ongoing Contagious Interview campaign, revealing that North Korean threat actors uploaded 26 malicious packages to the npm registry. These packages were disguised as legitimate developer utilities but secretly delivered credential stealing malware and a cross platform remote access trojan, RAT. The activity, tracked by Socket and

North Korean Hackers Release 26 Malicious npm Packages Concealing Pastebin C2 for Cross-Platform RAT Read More »

Malicious Go Crypto Module Steals Passwords and Installs Rekoobe Backdoor

Cybersecurity researchers have uncovered a harmful Go programming module that impersonates a trusted cryptography library while secretly stealing passwords and deploying a Linux backdoor known as Rekoobe. The rogue package, published under the path github[.]com/xinfeisoft/crypto, mimics the legitimate Go cryptography repository golang.org/x/crypto. However, instead of providing safe cryptographic utilities, it embeds hidden functionality designed to intercept sensitive

Malicious Go Crypto Module Steals Passwords and Installs Rekoobe Backdoor Read More »

Malicious NuGet Packages Stole ASP.NET Data While npm Package Delivered Malware

Cybersecurity analysts have uncovered four harmful NuGet packages designed to infiltrate ASP.NET development environments and secretly extract sensitive application data. The campaign, identified by Socket, focused on compromising applications during development rather than directly attacking developers’ machines. The rogue packages were uploaded to the official NuGet repository between August 12 and 21, 2024, by a user

Malicious NuGet Packages Stole ASP.NET Data While npm Package Delivered Malware Read More »

Malicious npm Packages Steal Crypto Keys, CI Secrets, and API Tokens

Cybersecurity researchers have uncovered an active supply chain attack leveraging at least 19 malicious npm packages to harvest credentials, cryptocurrency private keys, CI secrets, and API tokens from developer environments. The campaign, named SANDWORM_MODE by Socket, exhibits worm like behavior similar to earlier Shai Hulud style attacks. The malware is designed not only to extract sensitive

Malicious npm Packages Steal Crypto Keys, CI Secrets, and API Tokens Read More »

Cline CLI 2.3.0 Supply Chain Attack Deployed OpenClaw on Developer Systems

A recent software supply chain incident impacted the open source AI coding assistant Cline CLI, after attackers published a compromised version to the npm registry that silently installed OpenClaw on developer systems. On February 17, 2026 at 3:26 AM PT, an unauthorized party used a compromised npm publish token to release cline@2.3.0. The altered package included

Cline CLI 2.3.0 Supply Chain Attack Deployed OpenClaw on Developer Systems Read More »

Critical Vulnerabilities Discovered in Four VS Code Extensions with Over 125 Million Installs

Cybersecurity researchers have uncovered serious security vulnerabilities in four widely used Microsoft Visual Studio Code extensions. These flaws could allow attackers to steal sensitive local files and remotely execute malicious code on developers’ machines. The affected extensions, installed more than 125 million times collectively, include Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live

Critical Vulnerabilities Discovered in Four VS Code Extensions with Over 125 Million Installs Read More »