Nexus Firewall

Fake VS Code extension on npm uses altered ScreenConnect utility as spyware
A counterfeit 'Truffle for VS Code' extension, published on the npmjs registry, abuses the ConnectWise ScreenConnect remote desktop utility, allowing threat actors to compromise Windows systems that install the package ...

Fake Solana packages target crypto devs, abuse Slack & ImgBB for data theft
Ax Sharma | cryptocurrency, malicious code npm, Malware, Nexus Firewall, npm, Sonatype Repository Firewall, Vulnerabilities, vulnerability
Recently discovered malicious packages on the npmjs.com registry named "solanacore," "solana-login," and "walletcore-gen" target Solana crypto developers with Windows trojans and malware capable of keylogging and sensitive data exfiltration. Furthermore, these packages ...

npm packages from Rspack, Vant compromised, blocked by Sonatype
Fairly popular npm packages, @rspack/core and @rspack/cli, were hijacked yesterday after attackers got their hands on a compromised npm token and published malicious versions 1.1.7 of these projects. These versions were promptly ...

Lottie Player compromised in supply chain attack — all you need to know
Popular JavaScript library and npm package Lottie Player was compromised in a supply chain attack with threat actors releasing three new versions of the component yesterday, all in a span of a ...

Counterfeit Lodash attack leverages AnyDesk to target Windows users
Ax Sharma | application vulnerabilities, malware prevention, Nexus Firewall, Sonatype Repository Firewall, vulnerability
npm packages recently identified by Sonatype are named similarly to the vastly popular JavaScript library, lodash. These packages abuse typosquatting and carry within them a modified version of the AnyDesk utility to target ...

‘Netfetcher’ package drops illicit ‘node’ binary on Windows
Ax Sharma | application vulnerabilities, Malware Analysis, malware prevention, Nexus Firewall, Vulnerabilities
Recently identified PyPI packages called "netfetcher" and "pyfetcher" impersonate open source libraries and target Windows users with malicious executables that have a zero detection rate among leading antivirus engines. Furthermore, some of ...

Polyfill.io supply chain attack hits 100,000+ websites — all you need to know
In a significant supply chain attack, over 100,000 websites using Polyfill[.]io, a popular JavaScript CDN service, were compromised ...

‘cors-parser’ npm package hides cross-platform backdoor in PNG files
Ax Sharma | Malware Analysis, malware prevention, Nexus Firewall, npm, Sonatype Repository Firewall, Vulnerabilities
'cors-parser' is neither a cure for Cross-Origin Resource Sharing (CORS) vulnerabilities nor a "parser" for interpreting same-origin policies of a website. Instead, the npm package employs a form of steganography to download ...

PyPI crypto-stealer targets Windows users, revives malware campaign
Ax Sharma | FEATURED, Malware Analysis, Nexus Firewall, PyPI, python, Sonatype Repository Firewall, Vulnerabilities
Sonatype has discovered 'pytoileur', a malicious PyPI package hiding code that downloads and installs trojanized Windows binaries capable of surveillance, achieving persistence, and crypto-theft. Our discovery of the malware led us to ...

Devs flood npm with 15,000 packages to reward themselves with Tea ‘tokens’
Ax Sharma | FEATURED, malware prevention, Nexus Firewall, OSS security, Sonatype Repository Firewall, Vulnerabilities
We have repeatedly come across cases involving open source registries like npm and PyPI being flooded with thousands of packages in a short span of time. Typically, such surges in publishing activity ...