Socket’s Threat Research Team has uncovered two malicious npm packages—naya-flore and nvlore-hsc—designed to target developers building WhatsApp...
supply chain attack
A critical vulnerability—CVE-2025-54594 (CVSS 9.1)—has been identified in the React Native Bottom Tabs project, exposing the repository...
Veracode Threat Research has released an update on an ongoing North Korean cyber-espionage campaign that is actively...
WithSecure has uncovered a stealthy campaign using legitimate Remote Monitoring and Management (RMM) tools embedded in PDF...
A critical command injection vulnerability has been disclosed in the widely used GitHub Action tj-actions/branch-names, affecting over...
The lightweight JavaScript utility library is is a widely popular project on the NPM platform, boasting over...
Socket’s Threat Research Team has discovered that at least 10 malicious packages were published to npm from...
The Socket Threat Research Team has uncovered a coordinated surveillance malware campaign hidden in four open-source packages—three...
In a newly uncovered software supply chain attack, threat actors have successfully deployed a backdoored version of...
Imperva researchers have uncovered a supply chain attack masquerading as a popular Python utility. The package in...
A deceptive and highly targeted phishing campaign has successfully compromised several popular npm packages, including eslint-config-prettier, eslint-plugin-prettier,...
In a revelation for the JavaScript ecosystem, Socket’s Threat Research Team has uncovered the widespread proliferation of...
A fraudulent extension for the Cursor AI IDE—an editor built upon Microsoft’s open-source Visual Studio Code—was used...
A new chapter in the ongoing Contagious Interview campaign has emerged, as the Socket Threat Research Team...
In a concerning development for WordPress site administrators, the Patchstack team has uncovered a targeted supply chain...
Researchers at ReversingLabs (RL) have uncovered a supply chain compromise of the popular ETHcode extension for Visual...
IBM X-Force has peeled back the layers on Microsoft Azure Arc, uncovering how the hybrid-cloud management tool—meant...
In a detailed expose, the Socket Threat Research Team has uncovered an ongoing and highly targeted supply...
A newly uncovered software supply chain campaign by the threat group Banana Squad has compromised more than...
In a concerning development for AI infrastructure security, XLab has uncovered an active exploitation campaign targeting ComfyUI—a...
In a sweeping campaign that blends social engineering with software subversion, a newly identified threat actor dubbed...
The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with its federal partners, has issued a high-priority...