packages

Malicious PyTorch Lightning Packages Found on PyPI

AndyC 1 May 2026

The post Malicious PyTorch Lightning Packages Found on PyPI appeared first on 2024 Sonatype Blog. TL;DR Two malicious versions of...

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

AndyC 23 April 2026

Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating...

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

AndyC 5 April 2026

Ravie LakshmananApr 05, 2026Malware / DevSecOps Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised...

Helping MSPs Take Control of Certificate Management: Introducing Sectigo Partner Platform

How GitGuardian Enables Rapid Response to the LiteLLM Supply Chain Attack

AndyC 26 March 2026

The TeamPCP supply chain attack compromised LiteLLM packages 1.82.7 and 1.82.8, stealing SSH keys, cloud credentials, API tokens, and...

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

AndyC 25 March 2026

Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive...

Securing E-commerce Transactions with Modern Authentication

AndyC 21 March 2026

Image Source: Pexels How many packages has your business lost during shipping? If you don’t have shipping insurance, any...

Hijacked npm Packages Deliver Malware via Solana, Linked to Glassworm

AndyC 18 March 2026

Sonatype Security Research has identified two hijacked npm packages in the React Native ecosystem that receive more than 30,000...

Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign

AndyC 16 February 2026

Malicious npm and PyPI packages Llinked to Lazarus APT fake recruiter campaign Pierluigi Paganini February 15, 2026 Researchers found malicious...

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

AndyC 13 February 2026

Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked...

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

AndyC 7 February 2026

Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index...

MoltBot Skills exploited to distribute 400+ malware packages in days

AndyC 3 February 2026

MoltBot Skills exploited to distribute 400+ malware packages in days Pierluigi Paganini February 02, 2026 Over 400 malicious OpenClaw packages...

packages

Malicious PyTorch Lightning Packages Found on PyPI

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

How GitGuardian Enables Rapid Response to the LiteLLM Supply Chain Attack

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

Securing E-commerce Transactions with Modern Authentication

Hijacked npm Packages Deliver Malware via Solana, Linked to Glassworm

Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

MoltBot Skills exploited to distribute 400+ malware packages in days

The calm before the ransom: What you see is not all there is

The calm before the ransom: What you see is not all there is

GopherWhisper: A burrow full of malware

GopherWhisper: A burrow full of malware

New NGate variant hides in a trojanized NFC payment app

New NGate variant hides in a trojanized NFC payment app

Donate Bitcoin to this address

Donate Ethereum to this address

Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions

Smashing Security podcast #465: This developer wanted to cheat at Roblox. It cost millions

Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution

Supporting the National Cyber Strategy: How TrendAI™ Helps

InstallFix and Claude Code: How Fake Install Pages Lead to Real Compromise

Donate Bitcoin to this address

Donate Ethereum to this address

You may have missed