Supply-Chain

Notepad++ Patches Hijacked Update Mechanism Exploited to Deliver Targeted Malware

The popular text editor Notepad++ has released a critical security update after its software update mechanism was abused in a targeted supply chain attack. The flaw allowed a China linked threat actor to selectively distribute malware to specific users by manipulating the update delivery process. The newly released version 8.9.2 introduces major security reinforcements designed to prevent […]

Notepad++ Patches Hijacked Update Mechanism Exploited to Deliver Targeted Malware Read More »

Lazarus Campaign Injects Malicious Packages into npm and PyPI Ecosystems

Cybersecurity researchers have uncovered a new wave of malicious packages in the npm and Python Package Index (PyPI) ecosystems linked to the North Korea-backed Lazarus Group. The campaign, dubbed graphalgo, has been active since May 2025 and leverages fake recruitment efforts to compromise developer systems. Campaign Overview Attackers create a convincing narrative around a fictitious company

Lazarus Campaign Injects Malicious Packages into npm and PyPI Ecosystems Read More »

OpenClaw Integrates VirusTotal Scanning to Identify Malicious ClawHub Skills

OpenClaw, previously known as Moltbot and Clawdbot, has announced a new security partnership with Google-owned VirusTotal to strengthen defenses across its skill marketplace, ClawHub. The move is aimed at reducing the growing risk of malicious skills entering the rapidly expanding agentic AI ecosystem. According to OpenClaw founder Peter Steinberger and collaborators Jamieson O’Reilly and Bernardo Quintero, every

OpenClaw Integrates VirusTotal Scanning to Identify Malicious ClawHub Skills Read More »

Compromised dYdX npm and PyPI Packages Spread Wallet Stealers and RAT Malware

Cybersecurity researchers have uncovered a software supply chain attack involving compromised packages on npm and the Python Package Index (PyPI) that were used to distribute cryptocurrency wallet stealers and remote access malware. The malicious activity targeted developer tools associated with the dYdX v4 protocol, a decentralized exchange used for margin and perpetual trading. The affected package versions are listed below. Affected Packages

Compromised dYdX npm and PyPI Packages Spread Wallet Stealers and RAT Malware Read More »

Hackers Exploit Metro4Shell RCE Vulnerability in React Native CLI npm Package

Cybersecurity researchers have identified active exploitation of a critical remote code execution vulnerability affecting the Metro Development Server used by the @react-native-community/cli npm package. The flaw allows unauthenticated attackers to execute arbitrary operating system commands on exposed systems. The vulnerability, tracked as CVE-2025-11953 and commonly referred to as Metro4Shell, carries a CVSS severity score of 9.8. According to VulnCheck, real

Hackers Exploit Metro4Shell RCE Vulnerability in React Native CLI npm Package Read More »

Notepad++ Hosting Breach Linked to China Linked Lotus Blossom Hacking Group

A China linked cyber espionage group tracked as Lotus Blossom has been attributed with medium confidence to the recent compromise of infrastructure used to host the Notepad++ project. The attribution comes from new technical findings released by cybersecurity firm Rapid7. According to the investigation, the intrusion allowed the state sponsored threat actor to deliver a

Notepad++ Hosting Breach Linked to China Linked Lotus Blossom Hacking Group Read More »

Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users

The official update infrastructure of Notepad++ was compromised in a highly targeted cyber operation, resulting in malware being delivered to select users. The project’s lead developer, Don Ho, confirmed that the incident was caused by a hosting level breach rather than a flaw in the Notepad++ source code itself. According to Ho, attackers gained control

Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users Read More »

eScan Antivirus Update Servers Compromised to Distribute Multi Stage Malware

The update infrastructure of eScan antivirus, a security product developed by Indian cybersecurity firm MicroWorld Technologies, has been compromised in a supply chain attack that allowed unknown threat actors to distribute multi-stage malware to both enterprise and consumer systems. According to Morphisec researcher Michael Gorelik, the attackers abused eScan’s legitimate update mechanism to push malicious

eScan Antivirus Update Servers Compromised to Distribute Multi Stage Malware Read More »

Open VSX Supply Chain Attack Used a Compromised Developer Account to Spread GlassWorm

Cybersecurity researchers have uncovered a supply chain attack targeting the Open VSX Registry, where unknown threat actors compromised a legitimate developer account to distribute malicious updates through trusted extensions. According to Socket security researcher Kirill Boychenko, on January 30, 2026, four well established Open VSX extensions published by a developer identified as “oorzc” were updated

Open VSX Supply Chain Attack Used a Compromised Developer Account to Spread GlassWorm Read More »

Fake Moltbot AI Coding Assistant on VS Code Marketplace Distributes Malware

Cybersecurity researchers have uncovered a malicious Visual Studio Code extension that impersonated Moltbot, previously known as Clawdbot, and secretly installed malware on developer systems. The fake extension was distributed through Microsoft’s official VS Code Marketplace and falsely advertised itself as a free AI powered coding assistant. The extension, listed as “ClawdBot Agent, AI Coding Assistant” with the

Fake Moltbot AI Coding Assistant on VS Code Marketplace Distributes Malware Read More »