Threat Research Round-Up Q4 2025

In Q4 2025, attackers increasingly targeted the most trusted parts of the software supply chain: package registries, developer tools, and automation designed for speed, not scrutiny.

In this Threat Research Round-Up, RL researchers break down five real-world campaigns uncovered in the closing months of 2025 across NuGet, PyPI, PowerShell Gallery, and VS Code. 

The incidents show how attackers are exploiting the implicit trust of the open source development community to evade traditional controls, from malicious NuGet packages that  harvest OAuth tokens; to fake VS Code extensions disguised as image assets; to bootstrap scripts enabling domain takeovers and a new Shai Hulud npm worm variant. 

You’ll learn about the tradecraft that connects these incidents, how and why organizations  struggle to detect malicious OSS supply chain behavior, and how modern binary and package intelligence can reveal about these attack chains—before they scale further in 2026.

Key takeaways from the Q4 Threat Research Round-Up include:

• How attackers weaponized trust across package ecosystems and developer tools
  
• Why metadata-only scanning failed to surface malicious behavior
  
• The common tradecraft connecting NuGet, PyPI, PowerShell Gallery, and VS Code attacks
  
• What deeper binary and package intelligence reveals earlier in the attack chain
  
• Practical steps to reduce software supply chain risk heading into 2026

Register Now - Attendees will receive a certificate of attendance to be used towards CPE credits.

Meet the Speakers