Rogue NuGet Package Poses as Tracer.Fody, Steals Cryptocurrency Wallet Data
Dec 16, 2025Ravie LakshmananCybersecurity / Cryptocurrency Cybersecurity researchers have discovered a new malicious NuGet package that typosquats and impersonates the...
discovered
Researchers Find Malicious VS Code, Go, npm, and Rust Packages Stealing Developer Data
Dec 09, 2025Ravie LakshmananMalware / Threat Analysis Cybersecurity researchers have discovered two new extensions on Microsoft Visual Studio Code (VS...
Maximum-severity XXE vulnerability discovered in Apache Tika
Maximum-severity XXE vulnerability discovered in Apache Tika Pierluigi Paganini December 06, 2025 A maximum severity vulnerability in Apache Tika, tracked...
Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems
Dec 03, 2025Ravie LakshmananMalware / Web3 Security Cybersecurity researchers have discovered a malicious Rust package that's capable of targeting Windows,...
Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages
Nov 28, 2025Ravie LakshmananMalware / Vulnerability Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave...
Chrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium Swaps
Nov 26, 2025Ravie LakshmananBrowser Security / Cryptocurrency Cybersecurity researchers have discovered a new malicious extension on the Chrome Web Store...
New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions
Nov 24, 2025Ravie LakshmananVulnerability / Container Security Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit, an open-source and lightweight...
WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide
Nov 19, 2025Ravie LakshmananVulnerability / Threat Intelligence A newly discovered campaign has compromised tens of thousands of outdated or end-of-life...
Seven npm Packages Use Adspect Cloaking to Trick Victims Into Crypto Scam Pages
Cybersecurity researchers have discovered a set of seven npm packages published by a single threat actor that leverages a cloaking...
New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT
Nov 17, 2025Ravie Lakshmanan Cybersecurity researchers have discovered malware campaigns using the now-prevalent ClickFix social engineering tactic to deploy Amatera...
Researchers Detect Malicious npm Package Targeting GitHub-Owned Repositories
Nov 11, 2025Ravie LakshmananSoftware Supply Chain / Malware Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats...
Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly
Nov 05, 2025Ravie LakshmananArtificial Intelligence / Threat Intelligence Google on Wednesday said it discovered an unknown threat actor using an...
Critical React Native NPM Vulnerability Exposes Developer Systems to Remote Attacks
A severe vulnerability was discovered in the React Native Community CLI, a popular open-source package downloaded nearly two million...
HackedGPT: Novel AI Vulnerabilities Open the Door for Private Data Leakage
Tenable Research has discovered seven vulnerabilities and attack techniques in ChatGPT, including unique indirect prompt injections, exfiltration of personal...
10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux
Oct 29, 2025Ravie LakshmananMalware / Threat Intelligence Cybersecurity researchers have discovered a set of 10 malicious npm packages that are...
