A sophisticated supply chain attack recently compromised the n8n workflow automation ecosystem, as adversaries infiltrated the npm repository with malicious packages camouflaged as legitimate integration modules. According to research by Endor Labs, the primary...
Security researchers at Zscaler have uncovered a sophisticated campaign exploiting prevalent cryptocurrency themes. Three malicious libraries were discovered within the official npm repository, serving as conduits for a previously undocumented Remote Access Trojan (RAT)...
Popular IDEs with AI assistants—such as Cursor, Windsurf, Google Antigravity, and Trae—have been found vulnerable to a supply-chain attack. These environments prompt users to install extensions that are absent from the OpenVSX catalog. The...
A large-scale supply chain compromise known as Shai-Hulud has been linked to the recent theft of approximately USD 8.5 million in cryptocurrency from more than 2,500 Trust Wallet accounts. The company’s team has concluded...
A new wave of malicious extensions has been uncovered in the Open VSX extension marketplace, which is used by millions of developers worldwide. Researchers at Koi Security warn that attackers are seeding the catalog...
A dangerous vulnerability has been discovered in the Trust Wallet browser extension, potentially allowing attackers to steal users’ cryptocurrency. The issue affected version 2.68, and the wallet’s team officially urged everyone who had installed...
The Chinese hacking group known as Evasive Panda (also tracked as Bronze Highland, Daggerfly, and StormBamboo) carried out one of the most sophisticated and long-running cyber campaigns of recent years, silently infecting victim systems...
In late December, an unwelcome supply-chain surprise erupted around the popular text editor EmEditor. According to the developer, between December 19 and 22, 2025, the download button on the official website may have served...
Blockchain investigator ZachXBT reported on December 25 that, over the preceding hours, numerous Trust Wallet users had experienced unauthorized withdrawals. Affected individuals claimed their assets were drained from their wallets without any form of...
A malicious package named lotusbail has been uncovered in the npm repository, masquerading as a library for working with WhatsApp Web while quietly siphoning conversations and granting attackers persistent access to user accounts. According...
A covert threat has been uncovered within the .NET ecosystem, stemming from the substitution of a widely used tracing library. For more than five years, a malicious package circulated in the NuGet repository, masquerading...
MangaGamer has issued a warning about a potential supply-chain attack: in the latest print run of the physical edition of Higurashi When They Cry Hou+, the Windows installers on the included USB drive appear...