
Malicious Python packages target popular Bitcoin library
RL researchers detected two Python libraries that are designed to steal sensitive data while posing as fixes for a popular cryptocurrency library.


For the first time, RL researchers discover malicious locally-installed npm packages infecting other legitimate packages.

Software development teams working on machine learning take note: RL threat researchers have identified nullifAI, a novel attack technique used on Hugging Face.

To avoid compromised packages being introduced as a dependency in a larger project, security teams need to keep an eye peeled for such malicious code.

Hacks of rspack, vant highlight the growing trend of cryptomining compromises spreading via top open-source packages.

A compromised build environment led to a malicious deployment of a popular AI library that had the potential of delivering other malware.

Two recent versions of the Solana web3.js open source library were infected with code to steal private keys, putting crypto platforms and wallets at risk.

The incident demonstrates how machine learning-based threat hunting can help development teams spot threats other tools miss.

Three versions of the popular package were infected and used to spread malicious code that was stealing crypto wallet assets.
In a new ConversingLabs podcast, the independent security researcher talks about his early entry into the field — and his latest connected-car research.

RL found the VMConnect campaign continuing with malicious actors posing as recruiters, using packages and the names of financial firms to lure developers.

Malware authors upped their game, using homoglyphs to impersonate a protected NuGet prefix and IL weaving to inject malicious code, RL researchers found.

The history of the package is a lesson in why tracking open source threats is such a challenge — and highlights the value of RL's new Spectra Assure Community.

RL discovered what appeared to be a malicious downloader on PyPI. It turned out to be red teaming — but highlights a growing problem for threat detection.

There is no foolproof method to identify phony developer accounts — but there are telltale signs. Threat researchers share three.