#PhantomRaven is back 👻🐦‍⬛ We found 3 new waves distributing 88 #maliciouspackages (81 still live on npm). Packages look clean, but a hidden URL in package.json pulls credential-stealing malware.
https://www.endorlabs.com/learn/return-of-phantomraven
The Return of PhantomRaven: Detecting Three New Waves of npm Supply Chain Attacks | Blog | Endor Labs

Endor Labs security researchers identified 88 malicious open source packages belonging to three new waves of the PhantomRaven campaign.
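One way to look for the trick the post describes, as an added example that is not Endor Labs' code or detection logic: the post only says that a hidden URL in package.json fetches the payload, so the script below assumes that means a dependency specifier that is itself a URL, git remote or GitHub shorthand rather than a registry version range. npm resolves such specifiers at install time, so the code never passes through the registry and a registry-only scan of the package looks clean. The script also lists install-time lifecycle hooks, since that is where a fetched payload is normally run. The package name, URL and manifest are constructed for the example.

```python
"""Flag package.json entries that pull code from outside the npm registry.

Added example, not Endor Labs' detection logic. Assumes the "hidden URL" is a
dependency specifier that is a URL / git remote / GitHub shorthand, which npm
fetches at install time instead of resolving through the registry.
"""
import json
import re

DEP_FIELDS = ("dependencies", "devDependencies",
              "optionalDependencies", "peerDependencies")

# Specifier shapes the registry serves: semver ranges (^1.2.3, >=1 <2, 1.x, *,
# empty string), dist-tags (latest, next) and "npm:" aliases of registry packages.
SEMVER_RANGE = re.compile(r"^[\s\dvxX*^~<>=.|\-]*$")
DIST_TAG = re.compile(r"^[A-Za-z][\w.\-]*$")
NPM_ALIAS = re.compile(r"^npm:")

# Lifecycle hooks that npm runs automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def is_registry_spec(spec: str) -> bool:
    """True when npm would resolve this specifier through the registry.
    Anything else (http(s)://, git+ssh://, github:user/repo, user/repo#ref,
    file:..., workspace:...) is fetched from somewhere the registry never saw."""
    return bool(SEMVER_RANGE.match(spec) or DIST_TAG.match(spec)
                or NPM_ALIAS.match(spec))


def find_non_registry_deps(manifest: dict) -> list:
    """Return (field, name, spec) for every dependency that is not a registry spec."""
    hits = []
    for field in DEP_FIELDS:
        for name, spec in manifest.get(field, {}).items():
            if not isinstance(spec, str) or not is_registry_spec(spec.strip()):
                hits.append((field, name, str(spec)))
    return hits


def find_install_hooks(manifest: dict) -> dict:
    """Return the scripts that run without the user asking during install."""
    scripts = manifest.get("scripts", {})
    return {k: v for k, v in scripts.items() if k in INSTALL_HOOKS}


def scan_package_json(text: str) -> dict:
    manifest = json.loads(text)
    return {
        "name": manifest.get("name"),
        "non_registry_deps": find_non_registry_deps(manifest),
        "install_hooks": find_install_hooks(manifest),
    }


# Constructed manifest: the declared code may be clean, but one dependency is a
# plain HTTP URL and one is GitHub shorthand, both fetched at install time.
SAMPLE_PACKAGE_JSON = """{
  "name": "react-hooks-utils-helper",
  "version": "1.0.3",
  "dependencies": {
    "lodash": "^4.17.21",
    "chalk": "latest",
    "string-width": "npm:string-width@^5.0.0",
    "unused-internal-helper": "http://packages.example.invalid/unused-internal-helper-1.0.0.tgz"
  },
  "devDependencies": {
    "some-tool": "someuser/some-tool#main"
  },
  "scripts": {
    "test": "node test.js",
    "preinstall": "node scripts/setup.js"
  }
}"""

if __name__ == "__main__":
    report = scan_package_json(SAMPLE_PACKAGE_JSON)
    for field, name, spec in report["non_registry_deps"]:
        print(f"[non-registry] {report['name']}: {field}.{name} -> {spec}")
    for hook, cmd in report["install_hooks"].items():
        print(f"[install hook] {report['name']}: {hook}: {cmd}")
```

Run it over every package.json under node_modules after an install (or over the tarballs before one) and treat any non-registry specifier in a package you did not publish yourself as a finding; a package-lock.json pinned to registry URLs with integrity hashes does not help here, because the URL dependency is resolved outside that pin.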

HelixGuard

Supply chain security, vulnerability intelligence, and malware detection.

WhatsApp devs, beware: rogue npm packages disguised as legit libraries can unleash a data wipe (rm -rf *) and hide a secret exfiltration function. How safe is your code when even kill switches are in play? Dive deeper.

https://thedefendopsdiaries.com/unmasking-malicious-npm-packages-targeting-whatsapp-developers/

#npmsecurity
#whatsappdevelopers
#supplychainattack
#cybersecurity
#maliciouspackages

Unmasking Malicious NPM Packages Targeting WhatsApp Developers

Discover the threat of malicious NPM packages targeting WhatsApp developers with destructive data-wiping code.

The DefendOps Diaries

Some npm packages disguised as helpful utilities have been found wiping entire directories. How are these digital saboteurs sneaking into projects, and what can you do to stop them? Find out more.

https://thedefendopsdiaries.com/understanding-the-threat-of-malicious-npm-packages-posing-as-utilities/

#npmsecurity
#maliciouspackages
#softwaredevelopment
#cybersecurity
#supplychainsecurity

Ever downloaded a package that turned out to be a Trojan? Malicious NPM packages are using typosquatting and stealth tactics to sneak into development environments. How secure is your code?

https://thedefendopsdiaries.com/navigating-the-threat-of-malicious-packages-in-software-repositories/

#npmsecurity
#maliciouspackages
#softwaredevelopment
#cybersecurity
#dataprotection

Sophisticated npm Attack Highlights Software Supply Chain Vulnerabilities

Explore a sophisticated npm attack revealing software supply chain vulnerabilities and the need for enhanced security measures.

The DefendOps Diaries
Hackers Compromise Windows Systems Using 5000+ Malicious Packages

A recent analysis by FortiGuard Labs has revealed a significant increase in malicious software packages, with over 5,000 identified.

GBHackers Security | #1 Globally Trusted Cyber Security News Platform

OpenSSF Malicious Packages: This repository is a collection of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format: https://github.com/ossf/malicious-packages

#MaliciousPackages #osv #openssf

GitHub - ossf/malicious-packages: A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.

GitHub

I had #ChatGPT write a #Python script to scan my machines for the infected packages mentioned in this @BleepingComputer article. I've tested it on my work laptop and that is it. Please feel free to test it out and let me know if it works.

https://github.com/ludothegreat/Python-Package-Security-Scanner

#PythonSecurity #MaliciousPackages #DataProtection #PythonScript #InfoSec #cybersecurity #PythonPackages

GitHub - ludothegreat/Python-Package-Security-Scanner: ChatGPT created script to check my PC for any of the packages on this csv file: https://gist.github.com/masteryoda101/65b55a117fe2ea33735f05024abc92c2

GitHub
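The OpenSSF malicious-packages post above and this scanner post come down to the same check: compare what is installed against a feed of known-malicious packages. The following is an added example, not code from ossf/malicious-packages, not the linked ChatGPT scanner, and not its CSV. It reads records in the OSV shape the OpenSSF repository publishes (id, affected[].package, versions, ranges), handles version ranges rather than only exact version lists, and matches them against an inventory of installed packages. The records, their IDs, the package names and the `pip list --format=json` output are all constructed for the example; a real run would load the JSON files from the OpenSSF repository and build the inventory from `pip list --format=json` or `npm ls --all --json`.

```python
"""Match installed packages against OSV-format malicious-package records.

Added example. The records and inventory below are constructed in the shape
of the OSV schema; they are not entries from ossf/malicious-packages and the
IDs are not real advisory IDs.
"""
import json


def parse_version(v: str) -> tuple:
    """Turn '1.2.3', 'v1.2.3' or '1.2.3-beta' into a comparable tuple.
    Pre-release/build tags are dropped (assumption: fine for a scan; production
    code should use a real semver / PEP 440 comparator)."""
    core = v.strip().lstrip("v").split("-", 1)[0].split("+", 1)[0]
    return tuple(int(p) if p.isdigit() else 0 for p in core.split("."))


def in_range(version: str, events: list) -> bool:
    """OSV ranges are event lists: each 'introduced' opens an interval that a
    following 'fixed' (exclusive) or 'last_affected' (inclusive) closes.
    introduced '0' means every version, the usual shape for a package that was
    malicious from its first release."""
    v = parse_version(version)
    intervals = []
    for ev in events:
        if "introduced" in ev:
            intervals.append({"lo": ev["introduced"]})
        elif intervals and "fixed" in ev:
            intervals[-1]["fixed"] = ev["fixed"]
        elif intervals and "last_affected" in ev:
            intervals[-1]["last"] = ev["last_affected"]
    for iv in intervals:
        lo_ok = iv["lo"] == "0" or v >= parse_version(iv["lo"])
        hi_ok = (("fixed" not in iv or v < parse_version(iv["fixed"]))
                 and ("last" not in iv or v <= parse_version(iv["last"])))
        if lo_ok and hi_ok:
            return True
    return False


def record_affects(record: dict, ecosystem: str, name: str, version: str) -> bool:
    """True if this OSV record covers the exact (ecosystem, name, version)."""
    for aff in record.get("affected", []):
        pkg = aff.get("package", {})
        if pkg.get("ecosystem") != ecosystem or pkg.get("name") != name:
            continue
        if version in aff.get("versions", []):
            return True
        for rng in aff.get("ranges", []):
            if (rng.get("type") in ("SEMVER", "ECOSYSTEM")
                    and in_range(version, rng.get("events", []))):
                return True
    return False


def scan_inventory(records: list, inventory: list) -> list:
    """Return (ecosystem, name, version, osv_id) for every installed package
    that some record marks as malicious."""
    return [(eco, name, ver, rec["id"])
            for eco, name, ver in inventory
            for rec in records
            if record_affects(rec, eco, name, ver)]


def inventory_from_pip_list(pip_list_json: str) -> list:
    """Convert `pip list --format=json` output into (ecosystem, name, version)."""
    return [("PyPI", p["name"], p["version"]) for p in json.loads(pip_list_json)]


# Constructed OSV-shaped records (not real advisories).
SAMPLE_RECORDS = json.loads("""[
  {"id": "MAL-0000-EXAMPLE-1",
   "summary": "constructed: every version of this npm package is malicious",
   "affected": [{"package": {"ecosystem": "npm", "name": "totally-not-a-stealer"},
                 "ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}]}]}]},
  {"id": "MAL-0000-EXAMPLE-2",
   "summary": "constructed: one hijacked release of a PyPI package",
   "affected": [{"package": {"ecosystem": "PyPI", "name": "popular-utils"},
                 "versions": ["2.3.1"],
                 "ranges": [{"type": "ECOSYSTEM",
                             "events": [{"introduced": "2.3.1"}, {"fixed": "2.3.2"}]}]}]}
]""")

# Constructed `pip list --format=json` output, plus a few npm entries by hand.
SAMPLE_PIP_LIST = ('[{"name": "popular-utils", "version": "2.3.1"}, '
                   '{"name": "requests", "version": "2.31.0"}]')
SAMPLE_INVENTORY = inventory_from_pip_list(SAMPLE_PIP_LIST) + [
    ("npm", "totally-not-a-stealer", "4.2.0"),
    ("npm", "lodash", "4.17.21"),
    ("PyPI", "popular-utils", "2.3.2"),   # the fixed release: must not match
]

if __name__ == "__main__":
    for eco, name, ver, osv_id in scan_inventory(SAMPLE_RECORDS, SAMPLE_INVENTORY):
        print(f"MALICIOUS {eco}:{name}@{ver} ({osv_id})")
```

The ecosystem string has to match OSV's spelling exactly ("npm", "PyPI"), and a name-only CSV match, as in the linked scanner, will flag a package's clean releases too; checking the version against the record's versions and ranges avoids that.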