Supply-Chain

More Than 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Campaign

Cybersecurity experts have uncovered a massive spam and worm-like campaign that has flooded the npm registry with more than 67,000 fake packages since early 2024. This operation appears to be a financially motivated attack designed to exploit the open nature of the npm ecosystem. According to a recent report from Endor Labs researchers Cris Staicu […]


Malicious npm Package Discovered Targeting GitHub-Owned Repositories

Cybersecurity researchers have identified a malicious npm package, “@acitons/artifact”, that mimics GitHub’s legitimate “@actions/artifact” library. The goal appears to be the compromise of GitHub-owned repositories through build process manipulation and credential theft. This discovery highlights the growing threat of typosquatting attacks within open-source ecosystems that target trusted supply chains. Discovery and attacker intent According to


GootLoader Returns Using New Font Trick to Conceal Malware on WordPress Sites

GootLoader has reemerged, showing fresh innovations in evasion and delivery. Recent investigations by Huntress found multiple infections since October 27, 2025, including rapid hands-on-keyboard intrusions that led to domain controller compromise within 17 hours in two cases. The loader now uses custom web fonts and other subtle tricks to hide malicious payloads on compromised WordPress


GlassWorm Malware Found in Three VS Code Extensions with Thousands of Installations

Cybersecurity researchers have uncovered a new wave of the persistent GlassWorm campaign, revealing three malicious Visual Studio Code (VS Code) extensions designed to steal developer credentials and cryptocurrency. With thousands of combined installations, these extensions demonstrate a continued and evolving threat to the software development ecosystem. The Malicious Extensions and Their Reach The campaign involves


Hidden Logic Bombs in Malicious NuGet Packages Set to Detonate Years After Installation

A sophisticated software supply chain attack has been uncovered, involving nine malicious NuGet packages designed to lie dormant for years before activating their destructive payloads. These “logic bombs,” set to trigger in 2027 and 2028, aim to sabotage databases and corrupt critical industrial control systems, posing a long-term threat to organizations. A Patient and Stealthy


Vibe-Coded Malicious VS Code Extension Found Containing Built-In Ransomware Functionality

Cybersecurity researchers have uncovered a malicious extension for Microsoft’s Visual Studio Code (VS Code) that contains basic ransomware functionality. The extension, which appears to have been “vibe-coded” or created with the assistance of artificial intelligence, highlights a new frontier in software supply chain threats. A Brazenly Malicious Extension Discovered by Secure Annex researcher John Tuckner,


SleepyDuck VSX Extension Uses Ethereum to Sustain Its Command Server

A malicious extension discovered in the Open VSX registry poses a significant threat to developers by embedding a remote access trojan named SleepyDuck. What makes this threat particularly resilient is its innovative use of the Ethereum blockchain to maintain contact with its command server, ensuring it can survive traditional takedown efforts. The Malicious Extension and Its


Cybercriminals Abuse Remote Monitoring Tools to Infiltrate Logistics and Freight Networks

A financially motivated threat cluster is systematically targeting trucking and logistics companies, weaponizing common Remote Monitoring and Management (RMM) software to infiltrate their networks. The ultimate goal of these attacks is to hijack freight operations and steal high-value physical cargo, particularly food and beverage products. The Campaign’s Objective: Cargo Theft via Digital Intrusion According to


Nation-State Hackers Use New Airstalk Malware in Suspected Supply Chain Attack

A sophisticated threat actor, believed to be state-sponsored, has been discovered using a previously unknown malware family dubbed “Airstalk” in a suspected software supply chain attack. The malware uniquely abuses a legitimate enterprise mobile device management (MDM) API to establish a covert communication channel with its operators. The Attacker and the Malware’s Core Deception Tracked


Eclipse Foundation Revokes Leaked Open VSX Tokens After Wiz Security Discovery

The Eclipse Foundation has taken decisive action to secure the Open VSX registry after a security report revealed that access tokens had been accidentally leaked within several Visual Studio Code extensions. This prompt response neutralizes a potential software supply chain attack that could have allowed threat actors to hijack extensions and distribute malware to unsuspecting
