
Malicious pull request infects VS Code extension
ETHcode, a VS Code extension for Ethereum smart contract development, was compromised following a GitHub pull request.

Threat actor Banana Squad exploits GitHub repos in new campaign
ReversingLabs researchers discovered more than 60 GitHub repositories that contain hundreds of trojanized files.

Malicious attack method on hosted ML models now targets PyPI
RL researchers detected a new malicious campaign that exploits the Pickle file format on the Python Package Index.

Backdoor implant discovered on PyPI posing as debugging utility
RL researchers detected a sophisticated, malicious package believed to be an ongoing campaign that may be linked to a hacktivist gang.

From the Labs: YARA Rule for Detecting Conti
ReversingLabs’ YARA detection rule for Conti can help you detect this ransomware in your environment. We provide tools and information that you can use to spot CONTI at work in your environment.

Same name, different hack: PyPI package targets Solana developers
A new Python package revives the name of a malicious module to steal source code and secrets from blockchain developers’ machines.

Atomic and Exodus crypto wallets targeted in malicious npm campaign
RL researchers have identified yet another npm package that uses malicious patching of local software to hijack cryptocurrency transfers.

Malicious Python packages target popular Bitcoin library
RL researchers detected two Python libraries that are designed to steal sensitive data while posing as fixes for a popular cryptocurrency library.

Malware found on npm infecting local package with reverse shell
For the first time, RL researchers discover malicious locally-installed npm packages infecting other legitimate packages.

Malicious ML models discovered on Hugging Face platform
Software development teams working on machine learning take note: RL threat researchers have identified nullifAI, a novel attack technique used on Hugging Face.

A new playground: Malicious campaigns proliferate from VSCode to npm
To avoid compromised packages being introduced as a dependency in a larger project, security teams need to keep an eye peeled for such malicious code.

OSS in the crosshairs: Cryptomining hacks highlight key new threat
Hacks of rspack, vant highlight the growing trend of cryptomining compromises spreading via top open-source packages.

Compromised ultralytics PyPI package delivers crypto coinminer
A compromised build environment led to a malicious deployment of a popular AI library that had the potential of delivering other malware.

Malware found in Solana npm library raises the bar for crypto security
Two recent versions of the Solana web3.js open source library were infected with code to steal private keys, putting crypto platforms and wallets at risk.

Malicious PyPI crypto pay package aiocpa implants infostealer code
The incident demonstrates how machine learning-based threat hunting can help development teams spot threats other tools miss.