Socket Archives • Daily CyberSecurity

Massive PyPI Supply Chain Attack Staged via Malware Startup Hooks PyPI supply chain attack Socket malware detection PyPI Typosquat, Python RAT

PyPI supply chain attack Socket malware detection PyPI Typosquat, Python RAT

Massive PyPI Supply Chain Attack Staged via Malware Startup Hooks

Do Son June 7, 2026

Overview of the Global Fraud Threat Cybersecurity researchers have just detected a dangerous software campaign targeting Python...

GemStuffer RubyGems Campaign RubyGems Data Exfiltration TanStack npm Compromise Supply Chain Attack DNS Hijacking APT28 (Fancy Bear) OpenVSX Supply Chain Attack Checkmarx Plugin Breach Stryker Cyberattack CISA Alert Trans-Regional Cyber Conflict Operation Epic Fury Cyber Operation MacroMaze APT28 Cyber Espionage Notepad++ Supply Chain Attack Lotus Blossom Group Defense Industrial Base Threats GTIG Report APT28 Operation Neusploit CVE-2026-21509 Bookworm Malware

GemStuffer: Attackers Weaponize RubyGems as a Covert Data Drop for UK Gov Scraping

Do Son May 13, 2026

Security researchers are sounding the alarm on a highly resourceful new campaign dubbed “GemStuffer.” Uncovered by Socket’s...

Waking the Sleepers: The BufferZoneCorp Campaign Poisoning Ruby and Go Ecosystems

Do Son May 2, 2026

Security researchers at Socket have uncovered a coordinated software supply chain campaign orchestrated through the GitHub account...

The Worm Turns to PHP: Mini Shai-Hulud’s 20-Million-Install Hijack of Intercom Mini Shai-Hulud Packagist Supply Chain Attack

The Worm Turns to PHP: Mini Shai-Hulud’s 20-Million-Install Hijack of Intercom

Do Son May 2, 2026

Security researchers at Socket have identified a major expansion of the “Mini Shai-Hulud” supply chain campaign, which...

The Sleeper in Your IDE: Unmasking the 73-Extension “GlassWorm” Espionage Campaign GlassWorm Campaign Sleeper Extensions

The Sleeper in Your IDE: Unmasking the 73-Extension “GlassWorm” Espionage Campaign

Do Son April 30, 2026

A sophisticated cyber-espionage operation, dubbed the GlassWorm campaign, is rapidly expanding its footprint within the open-source community....

The 1,700-Package Blitz: North Korea’s “Contagious Interview” Infiltrates Every Major Dev Registry Contagious Interview Malicious Packages

The 1,700-Package Blitz: North Korea’s “Contagious Interview” Infiltrates Every Major Dev Registry

Do Son April 8, 2026

Researchers at Socket have identified a massive new cluster of malicious packages linked to North Korea’s notorious...

The Trojan Prompt: How an Autonomous AI Hijacked Aqua Trivy to Weaponize Developer Copilots AI Prompt Injection Aqua Trivy Breach AI Assistant Apertus, open-source AI .ai domain milestone

AI Prompt Injection Aqua Trivy Breach AI Assistant Apertus, open-source AI .ai domain milestone

The Trojan Prompt: How an Autonomous AI Hijacked Aqua Trivy to Weaponize Developer Copilots

Do Son March 4, 2026

Cybersecurity researchers at Socket have uncovered a sophisticated security breach affecting the popular Aqua Trivy VS Code...

North Korean “StegaBin” Campaign Targets Developers with Steganographic Malware North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean “StegaBin” Campaign Targets Developers with Steganographic Malware

Do Son March 3, 2026

Cybersecurity researchers at Socket have uncovered a sophisticated multi-stage malware operation, dubbed “StegaBin,” specifically designed to harvest...

Hackers Weaponize npm to Hunt Critical Infrastructure Sales Teams Supply Chain Phishing, npm Abuse

Hackers Weaponize npm to Hunt Critical Infrastructure Sales Teams

Do Son December 25, 2025

A new investigation by The Socket Threat Research Team has uncovered a sophisticated spear-phishing operation that has...

Hidden Theft: ‘Crypto Copilot’ Chrome Extension Drains Solana Wallets on X Crypto Copilot, Solana Scam

Hidden Theft: ‘Crypto Copilot’ Chrome Extension Drains Solana Wallets on X

Do Son November 27, 2025

A new threat is targeting the Solana ecosystem, preying on traders looking for speed and convenience on...

Massive npm Supply Chain Attack: Qix’s Account Compromised, Billions of Weekly Downloads at Risk

Do Son September 9, 2025

Socket has detected a large-scale supply chain attack in progress targeting the npm ecosystem. The account of...

Malicious npm Packages Impersonate Flashbots SDKs to Steal Ethereum Wallet Credentials Ethereum, npm supply chain

Malicious npm Packages Impersonate Flashbots SDKs to Steal Ethereum Wallet Credentials

Do Son September 9, 2025

Socket’s Threat Research Team has uncovered a coordinated supply chain attack targeting the Ethereum ecosystem through four...

XORIndex: North Korea’s Evolving Supply Chain Malware Targets npm Ecosystem Again NPM Supply Chain, North Korea Malware

XORIndex: North Korea’s Evolving Supply Chain Malware Targets npm Ecosystem Again

Do Son July 15, 2025

A new chapter in the ongoing Contagious Interview campaign has emerged, as the Socket Threat Research Team...

Malicious Firefox Extensions Unmasked: Fake Games, VPNs, & Calendar Tools Hijack Traffic, Steal Crypto & OAuth Tokens Firefox Extensions, Malware Campaign

Malicious Firefox Extensions Unmasked: Fake Games, VPNs, & Calendar Tools Hijack Traffic, Steal Crypto & OAuth Tokens

Do Son July 7, 2025

A new report by the Socket Threat Research Team has uncovered a sprawling network of malicious Firefox...

Alert: Malicious Python Package “psslib” Typosquats passlib, Shuts Down Windows Systems Python Malware, Typosquatting

Alert: Malicious Python Package “psslib” Typosquats passlib, Shuts Down Windows Systems

Do Son June 26, 2025

Socket’s Threat Research Team has uncovered a malicious Python package named psslib designed to abruptly shut down...

Stealthy npm Supply Chain Attack: Typosquatting Leads to Remote Code Execution and Data Destruction npm supply chain attack, typosquatting

Stealthy npm Supply Chain Attack: Typosquatting Leads to Remote Code Execution and Data Destruction

Do Son June 3, 2025

In a recent revelation, Socket’s Threat Research Team has uncovered a stealthy npm supply chain attack leveraging...

Malicious Python Packages Exploited Gmail as Covert Command-and-Control Channels Python malware, Gmail C2

Malicious Python Packages Exploited Gmail as Covert Command-and-Control Channels

Do Son May 2, 2025

In a detailed technical report, Socket’s Threat Research Team uncovered seven malicious Python packages published to the...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

Socket

Massive PyPI Supply Chain Attack Staged via Malware Startup Hooks

GemStuffer: Attackers Weaponize RubyGems as a Covert Data Drop for UK Gov Scraping

Waking the Sleepers: The BufferZoneCorp Campaign Poisoning Ruby and Go Ecosystems

The Worm Turns to PHP: Mini Shai-Hulud’s 20-Million-Install Hijack of Intercom

The Sleeper in Your IDE: Unmasking the 73-Extension “GlassWorm” Espionage Campaign

The 1,700-Package Blitz: North Korea’s “Contagious Interview” Infiltrates Every Major Dev Registry

North Korean “StegaBin” Campaign Targets Developers with Steganographic Malware

Hackers Weaponize npm to Hunt Critical Infrastructure Sales Teams

Hidden Theft: ‘Crypto Copilot’ Chrome Extension Drains Solana Wallets on X

Massive npm Supply Chain Attack: Qix’s Account Compromised, Billions of Weekly Downloads at Risk

Malicious npm Packages Impersonate Flashbots SDKs to Steal Ethereum Wallet Credentials

XORIndex: North Korea’s Evolving Supply Chain Malware Targets npm Ecosystem Again

Malicious Firefox Extensions Unmasked: Fake Games, VPNs, & Calendar Tools Hijack Traffic, Steal Crypto & OAuth Tokens

Alert: Malicious Python Package “psslib” Typosquats passlib, Shuts Down Windows Systems

Stealthy npm Supply Chain Attack: Typosquatting Leads to Remote Code Execution and Data Destruction

Malicious Python Packages Exploited Gmail as Covert Command-and-Control Channels