241 Cryptomining Packages Flood npm, PyPI
PyPI Package ‘secretslib’ Drops Linux Malware to Mine Monero
‘Requests’ Library Typosquats Install Ransomware
PyPI Packages Steal Telegram Cache Files, Add Windows Remote Desktop Accounts
A Python Cryptominer Targeting Windows, Linux, macOS
npm Malware Exfiltrates Windows SAM, Amazon EC2 Credentials
Malware Kills Windows Defender to Drop a Trojan
PyPI Packages Exfiltrate AWS Keys, env vars, Secrets
Ongoing Campaign Targets ‘colors’ Library
PyPI Package ‘ctx’ and PHP Library ‘phpass’ Compromised to Steal Environment Variables
New ‘pymafka’ Malicious Package Drops Cobalt Strike on macOS, Windows, Linux
Malicious ‘rustdecimal’ Crate Found in Rust Repository
Apache Kafka Project Clone Leverages Dependency Confusion
‘Bloat free’ Data Exfiltration Technique
VMware VSphere Dependency Confusion Attempt Caught by Sonatype
500+ Malicious npm Packages Caught by Sonatype
PyPI Takes Down Malicious ‘Distutil’ Package Imitating ‘distutils'
Rise in ‘Protestware’ During Russia-Ukraine Crisis
Careful Out There: Open Source Attacks Continue To Be On the Uptick
New ‘colors-2.0’, ‘colors-3.0’ Packages Are Malicious
A Cryptic ‘Reverse Shell’ Found Lurking in PyPI Packages
86 Malicious npm Packages Named After Popular NodeJS Functions
Malicious PyPi Packages Steal Your Roblox Security Cookies and Discord Tokens
PyPI, NuGet, and npm Flooded With Roblox and Fortnite Spam
Trojanized PyPI Package Imitates a Popular Python Server Library
jQuery npm Typosquat Has a Fishy Surprise
Massively Popular "Colors" and "Faker" npm Libraries Sabotaged
PyPI Flooded With More Than 1,200 Dependency Confusion Packages
Crypto App Faces $5 Million Ransom Demand Following Log4j Hack
Log4j Zero-day Sets the Internet on Fire With 'Log4Shell' Attacks
Malicious PyPI Packages With 10,000 Downloads Taken Down
Popular Library "coa" Gets Hijacked in an Identical Style as "ua-parser-js"
Hours After "coa" Hijack Is Discovered, "rc" Is Hijacked, Too
Newly Found npm Malware Mines Cryptocurrency on Multiple Devices
Popular "ua-parser-js" Library Attacked
Fake npm Roblox API Package Installs Ransomware and has a Spooky Surprise
Cryptocurrency Heist Stemmed from a Malicious GitHub Commit
Microsoft’s WinGet Flooded With Duplicate, Malformed Apps
“CursedGrabber” Malware Discovered
Counterfeit Components Discovered in the npm Ecosystem
New npm Malware With Bladabindi Trojan Spotted
Brandjacking Malware Found in npm
Multiple npm Packages Vulnerable to Typosquatting Attacks
Hundreds of Malware Gems found on RubyGems
Microsoft Spots Malicious JavaScript Package
Trojanized Python Libraries Removed
Computers Running Malicious npm Package Considered “Fully Compromised”
Prototype Pollution Vulnerability Continues to Cause Problems
Compromised Version of rest-client Maintainer Stole credentials, Installed Crypto Miners
Malicious Package Removed From npm Repository
Malicious Python Libraries Removed From PyPI
RubyGems Component Found to Contain Malicious Code
Cryptocurrency Attack on npm via Malicious Code Injection
23 Malicious RubyGems Packages Discovered
Backdoored RubyGems Package Allows Remote Code Execution
Malicious Package Injected Into Popular npm Package
Compromised JavaScript Package Caught Stealing npm Credentials
Homebrew Repository Compromised
Backdoored npm Package Discovered
Backdoored PyPI Package Discovered
Deleted GitHub Account Resurrected by Unknown User
npm Credentials Intentionally Compromised
“I’m harvesting credit card numbers and passwords from your site. Here’s how.”
