Blog | ReversingLabs | Threat Research

Threat Research

July 8, 2025

Malicious pull request infects VS Code extension

ETHcode, a VS Code extension for Ethereum smart contract development, was compromised following a GitHub pull request.

June 18, 2025

Threat actor Banana Squad exploits GitHub repos in new campaign

ReversingLabs researchers discovered more than 60 GitHub repositories that contain hundreds of trojanized files.

May 23, 2025

Malicious attack method on hosted ML models now targets PyPI

RL researchers detected a new malicious campaign that exploits the Pickle file format on the Python Package Index.

May 15, 2025

Backdoor implant discovered on PyPI posing as debugging utility

RL researchers detected a sophisticated, malicious package believed to be an ongoing campaign that may be linked to a hacktivist gang.

May 13, 2025

Same name, different hack: PyPI package targets Solana developers

A new Python package revives the name of a malicious module to steal source code and secrets from blockchain developers’ machines.

April 10, 2025

Atomic and Exodus crypto wallets targeted in malicious npm campaign

RL researchers have identified yet another npm package that uses malicious patching of local software to hijack cryptocurrency transfers.

April 3, 2025

Malicious Python packages target popular Bitcoin library

RL researchers detected two Python libraries that are designed to steal sensitive data while posing as fixes for a popular cryptocurrency library.

March 26, 2025

Malware found on npm infecting local package with reverse shell

For the first time, RL researchers discover malicious locally-installed npm packages infecting other legitimate packages.

February 6, 2025

Malicious ML models discovered on Hugging Face platform

Developers working on machine learning take note: RL threat researchers have identified nullifAI, a novel attack technique used on Hugging Face.

December 20, 2024

OSS in the crosshairs: Cryptomining hacks highlight key new threat

Hacks of rspack, vant highlight the growing trend of cryptomining compromises spreading via top open-source packages.

December 20, 2024

A new playground: Malicious campaigns proliferate from VSCode to npm

To avoid compromised packages being introduced as a dependency in a larger project, security teams need to keep an eye peeled for such malicious code.

December 9, 2024

Compromised ultralytics PyPI package delivers crypto coinminer

A compromised build environment led to a malicious deployment of a popular AI library that had the potential of delivering other malware.

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Industry

Partners

Alliances

Resources

Company

Events

Press

Threat Research

Malicious pull request infects VS Code extension

Threat actor Banana Squad exploits GitHub repos in new campaign

Malicious attack method on hosted ML models now targets PyPI

Backdoor implant discovered on PyPI posing as debugging utility

Same name, different hack: PyPI package targets Solana developers

Atomic and Exodus crypto wallets targeted in malicious npm campaign

Malicious Python packages target popular Bitcoin library

Malware found on npm infecting local package with reverse shell

Malicious ML models discovered on Hugging Face platform

OSS in the crosshairs: Cryptomining hacks highlight key new threat

A new playground: Malicious campaigns proliferate from VSCode to npm

Compromised ultralytics PyPI package delivers crypto coinminer

Topics

Special Reports

The 2025 Software Supply Chain Security Report

Upcoming Webinars

ConversingLabs

Threat Research

Topics

Follow us

Subscribe

Special Reports