Supply-Chain

PhantomRaven Malware Hidden in 126 npm Packages Stealing GitHub Tokens from Developers

A sophisticated software supply chain attack, dubbed “PhantomRaven,” has infiltrated the npm registry with 126 malicious packages designed to secretly steal sensitive developer credentials. This campaign specifically targets authentication tokens, CI/CD secrets, and GitHub credentials directly from developers’ machines, posing a severe threat to software development integrity. The Scale and Stealth of the PhantomRaven Campaign […]

PhantomRaven Malware Hidden in 126 npm Packages Stealing GitHub Tokens from Developers Read More »

10 Malicious npm Packages Steal Developer Credentials Across Windows, macOS, and Linux

In a stark reminder of the vulnerabilities within open-source ecosystems, cybersecurity analysts have unearthed ten deceptive npm packages engineered to pilfer sensitive developer credentials. These packages, capable of operating on Windows, macOS, and Linux, employ sophisticated stealth techniques to avoid detection while harvesting a treasure trove of personal and corporate data. The Deceptive Packages and

10 Malicious npm Packages Steal Developer Credentials Across Windows, macOS, and Linux Read More »

Self-Spreading GlassWorm Infects VS Code Extensions, Triggers Widespread Supply-Chain Attack

A fast-moving supply-chain worm, dubbed GlassWorm by Koi Security, has been found hiding inside multiple Visual Studio Code extensions on the Open VSX Registry and the Microsoft Extension Marketplace. The campaign highlights how developers, and their tooling, are now prime targets for large scale compromise, because extensions can auto-update and run code on developer machines.

Self-Spreading GlassWorm Infects VS Code Extensions, Triggers Widespread Supply-Chain Attack Read More »

Homoglyph Attack in Fake Nethereum NuGet Package Steals Crypto Wallet Keys

Cybersecurity researchers have revealed a new supply chain attack that targets the NuGet package manager using a malicious typosquat of Nethereum, a well-known Ethereum .NET integration library. The main goal of this attack is to steal crypto wallet keys from unsuspecting developers and users. Malicious Package Discovered The harmful package, named Netherеum.All, was discovered to

Homoglyph Attack in Fake Nethereum NuGet Package Steals Crypto Wallet Keys Read More »

New GlassWorm Uses Invisible, Obfuscated Code to Attack VS Code Extensions on OpenVSX Marketplace

Over the last week, cybersecurity experts have observed the rise of GlassWorm, a sophisticated malware campaign that targets VS Code extensions available on the OpenVSX Marketplace. This attack demonstrates a concerning evolution in supply chain security within developer ecosystems. As of October 2025, more than 35,800 installations have been affected, and the number continues to

New GlassWorm Uses Invisible, Obfuscated Code to Attack VS Code Extensions on OpenVSX Marketplace Read More »

Attackers Use Blockchain Smart Contracts to Distribute Malware Through Compromised WordPress Sites

Cybersecurity researchers have observed a financially motivated threat actor, tracked as UNC5142, leveraging blockchain smart contracts to distribute information-stealing malware targeting both Windows and macOS systems. This operation demonstrates how attackers combine traditional web compromises with modern Web3 technology to evade detection and increase operational resilience. Malware Distribution via WordPress and Blockchain According to the

Attackers Use Blockchain Smart Contracts to Distribute Malware Through Compromised WordPress Sites Read More »

100+ VS Code Extensions Found Exposing Developers to Hidden Supply Chain Threats

Recent research has revealed that more than 100 Visual Studio Code (VS Code) extensions have inadvertently leaked access tokens, creating a critical risk in the software supply chain. Malicious actors could exploit these tokens to push updates to the extensions, potentially compromising developers’ systems. Critical Risk of Leaked Tokens According to Wiz security researcher Rami

100+ VS Code Extensions Found Exposing Developers to Hidden Supply Chain Threats Read More »

npm, PyPI, and RubyGems Packages Caught Exfiltrating Developer Data to Discord Channels

Cybersecurity researchers have uncovered several malicious packages in the npm, Python (PyPI), and RubyGems ecosystems that are exfiltrating sensitive developer data using Discord webhooks as their command-and-control (C2) channels. These compromised packages allow attackers to send stolen information directly to Discord channels they control. Discord Webhooks Used as a Stealthy Data Channel Discord webhooks provide

npm, PyPI, and RubyGems Packages Caught Exfiltrating Developer Data to Discord Channels Read More »

175 Malicious npm Packages Used in Credential Phishing Campaign with Over 26,000 Downloads

Security researchers have discovered 175 malicious packages on the npm registry, collectively downloaded about 26,000 times, that were used as part of a credential phishing campaign named Beamglea. The campaign used npm and unpkg.com as free hosting to serve redirect scripts, which in turn sent victims to Microsoft credential harvesting pages, increasing the realism and

175 Malicious npm Packages Used in Credential Phishing Campaign with Over 26,000 Downloads Read More »

Stealit Malware Abuses Node.js Single Executable Feature, Hides in Game and VPN Installers

Security researchers have uncovered an active malware campaign, named Stealit, that uses a newer Node.js capability to ship malicious code as single-file executables, enabling infections on systems without Node.js installed. Researchers at Fortinet FortiGuard Labs also note some variants are built with the Electron framework, making delivery simpler and more covert. How the malware is

Stealit Malware Abuses Node.js Single Executable Feature, Hides in Game and VPN Installers Read More »