Supply-Chain

Fake Python Spellchecker Packages on PyPI Deliver Hidden Remote Access Trojan

Cybersecurity researchers have uncovered two malicious Python packages on the Python Package Index (PyPI) that posed as legitimate spellchecking tools while secretly delivering a remote access trojan (RAT). The packages, spellcheckerpy and spellcheckpy, have since been removed, but not before they were downloaded more than 1,000 times combined. According to Aikido researcher Charlie Eriksen, the malware was concealed […]

Fake Python Spellchecker Packages on PyPI Deliver Hidden Remote Access Trojan Read More »

Malicious VS Code AI Extensions With 1.5 Million Installs Steal Developer Source Code

Cybersecurity researchers have uncovered two malicious Microsoft Visual Studio Code extensions that present themselves as AI-powered coding assistants but secretly collect and exfiltrate developers’ source code to servers based in China. The extensions, which together have reached more than 1.5 million installs and remain available on the official Visual Studio Marketplace, are listed as ChatGPT

Malicious VS Code AI Extensions With 1.5 Million Installs Steal Developer Source Code Read More »

Konni Hackers Deploy AI Generated PowerShell Backdoor Targeting Blockchain Developers

North Korea-linked threat actor Konni has been observed launching a new cyber campaign that uses an AI-generated PowerShell backdoor to target blockchain developers and engineering teams. The operation highlights an increasing use of artificial intelligence to accelerate malware development while maintaining stealth. According to Check Point Research, the phishing activity has targeted organizations and individuals

Konni Hackers Deploy AI Generated PowerShell Backdoor Targeting Blockchain Developers Read More »

Malicious PyPI Package Masquerades as SymPy and Deploys XMRig Miner on Linux Hosts

A newly identified malicious package hosted on the Python Package Index (PyPI) has been caught impersonating the widely used SymPy library to deploy harmful payloads on Linux machines. The campaign highlights the growing risk of supply chain attacks targeting developers through trusted open source repositories. Fake Development Package Targets Python Users The malicious package, named sympy-dev,

Malicious PyPI Package Masquerades as SymPy and Deploys XMRig Miner on Linux Hosts Read More »

AWS CodeBuild Misconfiguration Exposed GitHub Repositories to Potential Supply Chain Attacks

Cloud security researchers have revealed that a critical misconfiguration in AWS CodeBuild could have allowed attackers to fully compromise Amazon Web Services owned GitHub repositories, including the widely used AWS JavaScript SDK. The issue created a potential pathway for large scale supply chain attacks that could have impacted countless AWS customers. The vulnerability, named CodeBreach by cloud security firm Wiz,

AWS CodeBuild Misconfiguration Exposed GitHub Repositories to Potential Supply Chain Attacks Read More »

n8n Supply Chain Attack Exploits Community Nodes to Hijack OAuth Tokens

Security researchers have uncovered a supply chain attack targeting the n8n workflow automation ecosystem, where malicious actors abused community published npm packages to steal OAuth credentials from developers. According to findings published by Endor Labs last week, attackers uploaded eight deceptive npm packages that appeared to function as legitimate n8n integration nodes. These packages were

n8n Supply Chain Attack Exploits Community Nodes to Hijack OAuth Tokens Read More »

Researchers Discover NodeCordRAT Embedded in Bitcoin-Themed npm Packages

Cybersecurity researchers have uncovered a new malware campaign involving three malicious npm packages that were used to distribute a previously undocumented remote access trojan named NodeCordRAT. The discovery highlights ongoing risks within open source ecosystems, particularly for developers working with cryptocurrency related libraries. Malicious Packages Identified The following npm packages were identified as part of

Researchers Discover NodeCordRAT Embedded in Bitcoin-Themed npm Packages Read More »

Trust Wallet Chrome Extension Hack Drains $8.5M Through Shai-Hulud Supply Chain Attack

Trust Wallet has disclosed that a major security breach affecting its Google Chrome browser extension was the result of the second wave of the Shai-Hulud supply chain attack, identified in November 2025. The incident led to the theft of nearly $8.5 million in cryptocurrency assets, marking one of the most significant browser extension compromises in the crypto

Trust Wallet Chrome Extension Hack Drains $8.5M Through Shai-Hulud Supply Chain Attack Read More »

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

Cybersecurity researchers have uncovered a sustained and carefully targeted spear‑phishing operation that abused the npm package ecosystem as a delivery platform for credential theft. According to findings published by Socket, the campaign involved the upload of 27 malicious npm packages using six different publisher aliases. Rather than infecting systems directly, the attackers repurposed npm package hosting and content

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials Read More »

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

Cybersecurity researchers have uncovered a malicious software package hosted on the npm repository that masquerades as a fully functional WhatsApp API while secretly stealing sensitive user data and granting attackers persistent access to victims’ WhatsApp accounts. The package, called lotusbail, has been downloaded more than 56,000 times since it was published in May 2025 by

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens Read More »