Topic: developer targeting

Sort by: Relevance | Date
  • Malicious npm Packages Target Ethereum Smart Contracts
    September 5, 2025
    86%

    Malicious npm Packages Target Ethereum Smart Contracts

    A new wave of malicious npm packages uses Ethereum smart contracts to hide command-and-control infrastructure, making detection more difficult. Attackers also created fake GitHub repositories with artificially inflated metrics to appear legitimate and target cryptocurrency developers. This campai...

    Read More »
  • Self-Replicating Worm Infects 180+ npm Packages in Automated Attack
    September 19, 2025
    68%

    Self-Replicating Worm Infects 180+ npm Packages in Automated Attack

    A self-replicating worm named "Shai-hulud" is spreading through the npm ecosystem, infecting over 180 packages and stealing developer credentials to propagate further. The worm uses stolen authentication tokens to inject malicious code, exfiltrate sensitive data like GitHub and AWS keys, and make...

    Read More »

Related Topics

cybersecurity threats (37) credential theft (16) supply chain attack (11) Supply Chain Attacks (10) github integration (8) detection evasion (7) software supply chain (5) open source security (3)