ReversingLabs Archives • Daily CyberSecurity

PromptMink Tricked AI Agents into Planting Malware PromptMink Campaign AI Agent Deception LIMINAL PANDA UNC1549 DLL Hijacking, VDI Breakout

PromptMink Tricked AI Agents into Planting Malware

Do Son May 1, 2026

Researchers at ReversingLabs (RL) have uncovered a campaign dubbed PromptMink. Attributed to the North Korean-linked group Famous...

The “Graphalgo” Evolution: How North Korea Built a Fake Florida LLC to Hack Developers Graphalgo Campaign State-Sponsored Phishing

The “Graphalgo” Evolution: How North Korea Built a Fake Florida LLC to Hack Developers

Do Son April 15, 2026

The ReversingLabs (RL) research team has uncovered a sophisticated expansion of the “graphalgo” campaign. Originally identified in...

Hackers Impersonate Stripe.net to Hijack the Global Payment Supply Chain Stripe.net Typosquatting NuGet Supply Chain Attack

Hackers Impersonate Stripe.net to Hijack the Global Payment Supply Chain

Do Son February 27, 2026

Late last year, the cybersecurity community was put on high alert when the ReversingLabs research team uncovered...

Dream Job or Nightmare? Lazarus Group Hunts Crypto Devs with “Graphalgo” Malware TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

Dream Job or Nightmare? Lazarus Group Hunts Crypto Devs with “Graphalgo” Malware

Do Son February 13, 2026

The notorious North Korean hacking syndicate, Lazarus Group, has launched a new, highly sophisticated branch of its...

Poisoned Dependencies: How Nethereum.All and 10M+ Fake Downloads Looted .NET Crypto Developers Nethereum.All Malicious Package, NuGet Supply Chain

Nethereum.All Malicious Package, NuGet Supply Chain

Poisoned Dependencies: How Nethereum.All and 10M+ Fake Downloads Looted .NET Crypto Developers

Do Son December 19, 2025

A sophisticated supply chain campaign targeting .NET developers working with cryptocurrency has been uncovered, revealing a network...

Crypto as a Weapon: Malicious npm Packages Use Ethereum Smart Contracts for C2 GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

GuLoader Malware CloudEye Obfuscation npm, malware Ethereum, npm supply chain OAST techniques StilachiRAT macOS Malware PasivRobber

Crypto as a Weapon: Malicious npm Packages Use Ethereum Smart Contracts for C2

Do Son September 4, 2025

Researchers from ReversingLabs have discovered two malicious npm packages leveraging Ethereum smart contracts to conceal and deliver...

A Dangerous Loophole in the VS Code Marketplace Is Allowing Malicious Extensions libheif Vulnerability CVE-2025-65586 Trend Micro RCE CVE-2025-69258 SessionReaper CVE-2025-54236 VS Code Marketplace, supply chain attack npm Supply Chain, Toptal Compromise Ruckus AP Vulnerability

libheif Vulnerability CVE-2025-65586 Trend Micro RCE CVE-2025-69258 SessionReaper CVE-2025-54236 VS Code Marketplace, supply chain attack npm Supply Chain, Toptal Compromise Ruckus AP Vulnerability

A Dangerous Loophole in the VS Code Marketplace Is Allowing Malicious Extensions

Do Son September 1, 2025

ReversingLabs researchers have uncovered a dangerous loophole in the Visual Studio Code (VS Code) Marketplace that allows...

Phishing Attack on Popular npm Package Triggers Supply Chain Compromise npm supply chain, phishing attack

Phishing Attack on Popular npm Package Triggers Supply Chain Compromise

Do Son August 16, 2025

A recent investigation by ReversingLabs has revealed how a targeted phishing attack led to the compromise of...

VS Code ETHcode Extension Hacked: Just 2 Lines of Code Led to Supply Chain Compromise Via GitHub PR

Do Son July 9, 2025

Researchers at ReversingLabs (RL) have uncovered a supply chain compromise of the popular ETHcode extension for Visual...

Banana Squad Strikes Again: 60+ GitHub Repositories Trojanized in New Software Supply Chain Attack

Do Son June 20, 2025

A newly uncovered software supply chain campaign by the threat group Banana Squad has compromised more than...

npm Malware Targets Atomic and Exodus Wallets to Steal Crypto Funds npm malware, crypto wallet attack

npm Malware Targets Atomic and Exodus Wallets to Steal Crypto Funds

Do Son April 14, 2025

The ReversingLabs (RL) research team has uncovered a sophisticated npm-based malware campaign in which a fake npm...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

ReversingLabs

PromptMink Tricked AI Agents into Planting Malware

Hackers Impersonate Stripe.net to Hijack the Global Payment Supply Chain

Dream Job or Nightmare? Lazarus Group Hunts Crypto Devs with “Graphalgo” Malware

Poisoned Dependencies: How Nethereum.All and 10M+ Fake Downloads Looted .NET Crypto Developers

Crypto as a Weapon: Malicious npm Packages Use Ethereum Smart Contracts for C2

A Dangerous Loophole in the VS Code Marketplace Is Allowing Malicious Extensions

Phishing Attack on Popular npm Package Triggers Supply Chain Compromise

VS Code ETHcode Extension Hacked: Just 2 Lines of Code Led to Supply Chain Compromise Via GitHub PR

Banana Squad Strikes Again: 60+ GitHub Repositories Trojanized in New Software Supply Chain Attack

npm Malware Targets Atomic and Exodus Wallets to Steal Crypto Funds