The GlassWorm campaign has resurfaced in the developer community, but the attackers have adopted a stealthier approach. Instead of publishing overtly malicious extensions on OpenVSX, they first publish harmless copies of popular...
A seemingly harmless package for validating Google Gemini tokens appeared in the npm repository, but behind its simple facade it carried a sophisticated tool capable of compromising a developer’s environment. On March 20,...
Developers are being flooded with alarming claims of “critical vulnerabilities” directly on GitHub, but a very different motive lies behind these warnings. According to a report from...
North Korean attackers are attempting to covertly replace the MetaMask cryptocurrency wallet extension directly on a victim’s workstation, an operation that, if it succeeds, is practically invisible to the user. The scheme was described in...
A supply chain attack has been documented in the Open VSX extension registry, made possible by the theft of a developer’s credentials. The attackers injected malicious payloads into widely used development tools to...
In late December 2025, the developers of the popular text editor EmEditor published an advisory about the compromise of the application’s official download site. Attackers had replaced the legitimate installer with a malicious...
Attackers have developed a method of abusing GitHub as a malware distribution channel, disguising their payloads as legitimate installers for popular developer tools. At the center of this campaign is GitHub Desktop;...
At the end of November, a team of bug hunters uncovered an infection chain that began with a seemingly harmless GitHub repository. Masquerading as a Visual Studio Code project, it concealed VBScript files linked...
A dangerous worm dubbed Shai-Hulud has been uncovered in the JavaScript ecosystem, infecting at least 187 packages in the NPM repository. What sets it apart is that it not only steals developer credentials but...
Researchers at Socket have disclosed a new attack against the npm ecosystem, in which more than 40 packages were discovered to be laced with embedded malicious code. The compromise mechanism was meticulously engineered: it...
In the first half of 2025, Sonatype uncovered a large-scale, ongoing assault on the open-source software ecosystem, orchestrated by the North Korean threat actor known as Lazarus. Sonatype’s automated malware detection systems were the...
A major incident has rocked the npm ecosystem: the widely-used package eslint-config-prettier suddenly received an update devoid of any corresponding changes on GitHub. Developers quickly grew suspicious—and with good reason. The package’s maintainer later...