The package's history is a lesson in why tracking open source threats is such a challenge — and highlights the value of RL's new Spectra Assure Community.
Two newly discovered extensions on the VS Code Marketplace are designed to steal sensitive information, showing that open source attacks are expanding.
ReversingLabs researchers found two suspicious npm packages that demonstrate how GitHub is increasingly being used to easily deploy malware in novel ways.
One “s” is all that separates a legitimate npm package from a malicious twin that delivered the r77 rootkit, and was downloaded more than 700 times, ReversingLabs researchers discovered.
“Write once, infect everywhere” might be the new cybercrime motto, with newly discovered campaigns showing malicious npm packages powering phishing kits and supply chain attacks.
ReversingLabs researchers discovered two malicious packages that contained TurkoRat, an infostealer that lurked on npm for months before being detected.
What’s in a name? Here's how bad actors are pushing malware on the Python Package Index under the guise of legitimate yet abandoned open source modules.
Aabquerys is a malicious npm package discovered typosquatting on a legitimate npm module that downloads malicious components, ReversingLabs discovered.
Get the best of RL Blog delivered to your in-box weekly to stay up to date on key trends, analysis and best practices across threat intelligence and software supply chain security.
