A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting sales personnel at critical infrastructure organizations.

Impostor NuGet package Tracer.Fody.NLog typosquats Tracer.Fody and its author, using homoglyph tricks, and exfiltrates Stratis wallet JSON/passwords to a Russian IP address.

A pair of typosquatted Go packages posing as Google's UUID library quietly turn helper functions into encrypted exfiltration channels to a paste site, putting developer and CI data at risk.

Socket Threat Research Team maps a rare inside look at OtterCookie's npm-Vercel-GitHub chain, adding 197 malicious packages and evidence of North Korea's Contagious Interview operation.

Another wave of Shai-Hulud campaign has hit npm with more than 500 packages and 700+ versions affected.

A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.

The Socket Threat Research Team uncovered malicious NuGet packages typosquatting the popular Nethereum project to steal wallet keys.

The Socket Threat Research Team uncovered a coordinated campaign that floods the Chrome Web Store with 131 rebranded clones of a WhatsApp Web automation extension to spam Brazilian users.

The Socket Threat Research Team is tracking weekly intrusions into the npm registry that follow a repeatable adversarial playbook used by North Korean state-sponsored actors.

Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.