Shai Hulud Strikes Again (v2)
Another wave of Shai-Hulud campaign has hit npm with more than 500 packages and 700+ versions affected.
Kirill Boychenko
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
Malicious NuGet Packages Typosquat Nethereum to Exfiltrate Wallet Keys
The Socket Threat Research Team uncovered malicious NuGet packages typosquatting the popular Nethereum project to steal wallet keys.
131 Spamware Extensions Targeting WhatsApp Flood Chrome Web Store
The Socket Threat Research Team uncovered a coordinated campaign that floods the Chrome Web Store with 131 rebranded clones of a WhatsApp Web automation extension to spam Brazilian users.
North Korea's Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads
The Socket Threat Research Team is tracking weekly intrusions into the npm registry that follow a repeatable adversarial playbook used by North Korean state-sponsored actors.
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
Popular Tinycolor npm Package Compromised in Supply Chain Attack Affecting 40+ Packages
Malicious update to @ctrl/tinycolor on npm is part of a supply-chain attack hitting 40+ packages across maintainers
Wallet-Draining npm Package Impersonates Nodemailer to Hijack Crypto Transactions
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials via Telegram
A malicious Go module posing as an SSH brute forcer exfiltrates stolen credentials to a Telegram bot controlled by a Russian-speaking threat actor.
Topics
.NET AI Security Backdoor BeaverTail Blockchain Botnet Brandjacking Brazil Brute Force Bulletproof Hosting CanisterWorm Chrome Clipper Cloudflare Composer Contagious Interview crates.io Credential Stuffing Critical Infrastructure Crypto Drainer Cryptocurrency Cryptojacker Cryptomining Cursor Cybercrime Dark Web Dependency Confusion Developer Compromise Disinformation Docker Evilginx Exploit Kit Extensions Extortionware Facebook Fraud GitHub Actions GlassWorm Gmail Go Go Modules Google Google Drive Hacktivism HashiCorp Healthcare HexEval Homoglyphs Human Trafficking Impersonation Influence Operations Infostealer Initial Access Brokers InvisibleFerret Java JavaScript Keylogger LinkedIn Loader Maven Central Meta Microsoft Money Laundering Monkey Patching NATO North Korea npm NuGet OAST Obfuscation Open VSX OpenClaw OtterCookie Packagist Phishing PHP Piracy PyPI Python Ransomware RAT Ruby RubyGems Russian Link Rust RustSec SANDWORM_MODE Shai-Hulud Slopsquatting Smart Contracts Social Engineering South Korea Spam Spearphishing Surveillance TeamPCP TruffleHog Typosquatting Türkiye Underground Economy Vietnam VS Code Wagemole Webhook Worm XMRig XORIndex