Blog | ReversingLabs | Karlo Zanki

May 15, 2025

Backdoor implant discovered on PyPI posing as debugging utility

RL researchers detected a sophisticated, malicious package believed to be an ongoing campaign that may be linked to a hacktivist gang.

May 13, 2025

Same name, different hack: PyPI package targets Solana developers

A new Python package revives the name of a malicious module to steal source code and secrets from blockchain developers’ machines.

February 6, 2025

Malicious ML models discovered on Hugging Face platform

Developers working on machine learning take note: RL threat researchers have identified nullifAI, a novel attack technique used on Hugging Face.

December 9, 2024

Compromised ultralytics PyPI package delivers crypto coinminer

A compromised build environment led to a malicious deployment of a popular AI library that had the potential of delivering other malware.

November 28, 2024

Malicious PyPI crypto pay package aiocpa implants infostealer code

The incident demonstrates how machine learning-based threat hunting can help development teams spot threats other tools miss.

September 10, 2024

Fake recruiter coding tests target devs with malicious Python packages

RL found the VMConnect campaign continuing with malicious actors posing as recruiters, using packages and the names of financial firms to lure developers.

July 11, 2024

Malicious NuGet campaign uses homoglyphs and IL weaving to fool devs

Malware authors upped their game, using homoglyphs to impersonate a protected NuGet prefix and IL weaving to inject malicious code, RL researchers found.

June 5, 2024

Python downloader highlights noise problem in open source threat detection

RL discovered what appeared to be a malicious downloader on PyPI. It turned out to be red teaming — but highlights a growing problem for threat detection.

March 12, 2024

BIPClip: Malicious PyPI packages target crypto wallet recovery passwords

RL has discovered a campaign using malicious PyPI packages posing as open-source libraries to steal BIP39 mnemonic phrases used for crypto wallet recovery.

December 19, 2023

Malware leveraging public infrastructure like GitHub on the rise

RL researchers have uncovered two novel techniques running on GitHub — one abusing GitHub Gists, another issuing commands through git commit messages.

October 31, 2023

IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations

RL has highlighted threats in npm, PyPI and RubyGEMS in recent years. This finding shows NuGet is equally exposed to malicious activities by threat actors.

August 31, 2023

VMConnect supply chain attack continues, evidence points to North Korea

ReversingLabs researchers discovered more packages that are part of the previously identified VMConnect campaign, and evidence linking the campaign to North Korean threat actors.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Industry

Partners

Alliances

Resources

Company

Events

Press

Karlo Zanki

Recent Posts from Karlo Zanki

Backdoor implant discovered on PyPI posing as debugging utility

Same name, different hack: PyPI package targets Solana developers

Malicious ML models discovered on Hugging Face platform

Compromised ultralytics PyPI package delivers crypto coinminer

Malicious PyPI crypto pay package aiocpa implants infostealer code

Fake recruiter coding tests target devs with malicious Python packages

Malicious NuGet campaign uses homoglyphs and IL weaving to fool devs

Python downloader highlights noise problem in open source threat detection

BIPClip: Malicious PyPI packages target crypto wallet recovery passwords

Malware leveraging public infrastructure like GitHub on the rise

IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations

VMConnect supply chain attack continues, evidence points to North Korea

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Karlo Zanki

Recent Posts from Karlo Zanki

Topics

Follow us

Subscribe

Special Reports