Supply-Chain

Malicious NuGet Package Posing as Tracer Fody Steals Cryptocurrency Wallet Data

Cybersecurity researchers have identified a malicious NuGet package that impersonates the popular .NET tracing library Tracer.Fody to steal cryptocurrency wallet information. The package, called “Tracer.Fody.NLog,” was uploaded by a user named “csnemess” on February 26, 2020, and has remained on the repository for nearly six years. It closely mimics the legitimate “Tracer.Fody” library maintained by […]

Fake OSINT and GPT Utility GitHub Repositories Spread PyStoreRAT Malware Payloads

Cybersecurity researchers have uncovered a new malware distribution campaign that abuses GitHub-hosted Python repositories to spread a previously undocumented JavaScript-based remote access trojan named PyStoreRAT. The operation relies on fake development tools, OSINT utilities, and GPT-related projects to trick analysts and developers into executing malicious loader code. GitHub Repositories Hide Multi Stage

Malicious Rust Crate Targets Web3 Developers with OS Specific Malware

Cybersecurity analysts have identified a harmful Rust-based package that was crafted to infiltrate systems running Windows, macOS, or Linux. The package silently executes malicious code on developer machines by disguising itself as a legitimate Ethereum Virtual Machine utility. The crate, titled evm-units, was uploaded to crates.io in April 2025 by an account

Malicious npm Package Uses Hidden Prompt and Script to Bypass AI Security Tools

Cybersecurity researchers have uncovered a malicious npm package designed to manipulate AI-driven security scanners and steal sensitive data. The package, eslint-plugin-unicorn-ts-2, pretends to be a TypeScript extension of the popular ESLint plugin. It was published in February 2024 by a user named “hamburgerisland” and has been downloaded nearly 19,000 times. The package is still available.

Legacy Python bootstrap scripts create domain takeover risk in several PyPI packages

Cybersecurity researchers have identified insecure legacy code inside several Python packages that could allow attackers to compromise the Python Package Index (PyPI) through a domain takeover scenario. ReversingLabs reported that the issue originates from old bootstrap scripts associated with a build and deployment tool known as zc.buildout. According to researcher Vladimir Pezo, these bootstrap files

North Korean hackers use 197 npm packages to spread updated OtterCookie malware

A North Korean threat group linked to the Contagious Interview activity has continued its aggressive malware distribution by uploading 197 additional malicious packages to the npm registry since last month. Researchers at Socket confirmed that these packages have been downloaded more than 31,000 times. Each of them is designed to install a modified version of

TamperedChef Malware Spreads Through Fake Software Installers in a Continuing Global Campaign

A global malvertising operation known as TamperedChef is actively spreading malware through fake installers disguised as trusted software. Attackers are using deceptive tactics to make users download harmful programs, allowing them to establish remote access and persistent control over infected systems. Recent findings from the Acronis Threat Research Unit show that the campaign remains active,

EdgeStepper Implant Redirects DNS Queries to Deliver Malware Through Compromised Software Updates

A China-aligned threat actor known as PlushDaemon has been identified using a new Go-based network backdoor called EdgeStepper. This tool enables adversary-in-the-middle attacks by hijacking DNS queries and redirecting them to malicious infrastructure. Through this method, attackers can compromise legitimate software update channels and deliver harmful payloads. How the Attack

Seven NPM Packages Use Adspect Cloaking to Lure Users to Crypto Scam Pages

Security analysts have identified a group of seven npm packages created by a single threat actor who used Adspect cloaking to mislead visitors and redirect them to fraudulent crypto-themed websites. These packages relied on traffic filtering techniques to separate real victims from security professionals, allowing attackers to hide malicious behavior while pushing unsuspecting users
