ReversingLabs: The More Powerful, Cost-Effective Alternative to VirusTotalSee Why

Spectra Assure Free Trial

Get your 14-day free trial of Spectra Assure for Software Supply Chain Security

Get Free TrialMore about Spectra Assure Free Trial
Blog
Events
About Us
Webinars
In the News
Careers
Demo Videos
Cybersecurity Glossary
Contact Us
reversinglabsReversingLabs: Home
Privacy PolicyCookiesImpressum
All rights reserved ReversingLabs © 2026
XX / Twitter
LinkedInLinkedIn
FacebookFacebook
InstagramInstagram
YouTubeYouTube
blueskyBluesky
RSSRSS
Back to Top
TRR LP
On Demand Webinar

Threat Research Round-Up Q4 2025

When Trusted Software Turns Hostile

In Q4 2025, attackers increasingly targeted the most trusted parts of the software supply chain: package registries, developer tools, and automation designed for speed, not scrutiny.

In this Threat Research Round-Up, RL researchers break down five real-world campaigns uncovered in the closing months of 2025 across NuGet, PyPI, PowerShell Gallery, and VS Code. 

The incidents show how attackers are exploiting the implicit trust of the open source development community to evade traditional controls, from malicious NuGet packages that  harvest OAuth tokens; to fake VS Code extensions disguised as image assets; to bootstrap scripts enabling domain takeovers and a new Shai Hulud npm worm variant. 

Key takeaways from the Q4 Threat Research Round-Up include:

  • How attackers weaponized trust across package ecosystems and developer tools
  • Why metadata-only scanning failed to surface malicious behavior
  • The common tradecraft connecting NuGet, PyPI, PowerShell Gallery, and VS Code attacks
  • What deeper binary and package intelligence reveals earlier in the attack chain
  • Practical steps to reduce software supply chain risk heading into 2026

Watch Now

Skip to main content
Contact UsSupportLoginBlogCommunity
reversinglabsReversingLabs: Home
Solutions
Secure Software OnboardingSecure Build & ReleaseProtect Virtual MachinesIntegrate Safe Open SourceGo Beyond the SBOM
Increase Email Threat ResilienceDetect Malware in File Shares & StorageAdvanced Malware Analysis SuiteICAP Enabled Solutions
Scalable File AnalysisHigh-Fidelity Threat IntelligenceCurated Ransomware FeedAutomate Malware Analysis Workflows
Products & Technology
Spectra Assure®Software Supply Chain SecuritySpectra DetectHigh-Speed, High-Volume, Large File AnalysisSpectra AnalyzeIn-Depth Malware Analysis & Hunting for the SOCSpectra IntelligenceAuthoritative Reputation Data & Intelligence
Spectra CoreIntegrations
Industry
Energy & UtilitiesFinanceHealthcareHigh TechPublic Sector
Partners
Become a PartnerValue-Added PartnersTechnology PartnersMarketplacesOEM Partners
Alliances
Resources
BlogContent LibraryCybersecurity GlossaryConversingLabs PodcastEvents & WebinarsLearning with ReversingLabsWeekly Insights Newsletter
Customer StoriesDemo VideosDocumentationOpenSource YARA Rules
Company
About UsLeadershipCareersSeries B Investment
EventsRL at RSAC
Press ReleasesIn the News
Pricing
Software Supply Chain SecurityMalware Analysis and Threat Hunting
Menu
Request a demo
Watch Now