Critical Alert 1 Active Exploit Detected Today

CVE-2026-9082 — Drupal Core SQL Injection Vulnerability →

Powered by CVE Watchtower

×

Typosquatting

TeamPCP Open-Sources “Shai-Hulud” AI Supply Chain Malware, Hitting NPM Fleet Shai-Hulud worm NPM supply chain attack

Shai-Hulud worm NPM supply chain attack

TeamPCP Open-Sources “Shai-Hulud” AI Supply Chain Malware, Hitting NPM Fleet

Ddos May 19, 2026

“TanStack”: Malicious Name-Squatting Campaign Steals Environment Secrets TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

“TanStack”: Malicious Name-Squatting Campaign Steals Environment Secrets

Ddos May 2, 2026

The Typosquatting Trap: Fake Telegram Portal Delivers Stealthy Memory-Resident Malware kill chain

kill chain

The Typosquatting Trap: Fake Telegram Portal Delivers Stealthy Memory-Resident Malware

Ddos March 20, 2026

Malicious npm Package “pino-sdk-v2” Caught Harvesting Secrets pino-sdk-v2 npm Supply Chain Attack

pino-sdk-v2 npm Supply Chain Attack

Malicious npm Package “pino-sdk-v2” Caught Harvesting Secrets

Ddos March 11, 2026

Hackers Impersonate Stripe.net to Hijack the Global Payment Supply Chain Stripe.net Typosquatting NuGet Supply Chain Attack

Stripe.net Typosquatting NuGet Supply Chain Attack

Hackers Impersonate Stripe.net to Hijack the Global Payment Supply Chain

Ddos February 27, 2026

The 50,000-Download Trap: How ‘ambar-src’ Typosquatting Compromised Windows, Linux, and macOS Devs OSX/Amos Stealer Electron ASAR Trojan MioLab Malware macOS Security MacSync Stealer macOS Malware ambar-src npm Malware Supply Chain Typosquatting Matryoshka Mac Malware ClickFix Crypto Scam Infostealer Evolution macOS Malware Predator Spyware Intellexa Anti-Analysis XCSSET macOS Malware, Xcode Supply Chain

OSX/Amos Stealer Electron ASAR Trojan MioLab Malware macOS Security MacSync Stealer macOS Malware ambar-src npm Malware Supply Chain Typosquatting Matryoshka Mac Malware ClickFix Crypto Scam Infostealer Evolution macOS Malware Predator Spyware Intellexa Anti-Analysis XCSSET macOS Malware, Xcode Supply Chain

The 50,000-Download Trap: How ‘ambar-src’ Typosquatting Compromised Windows, Linux, and macOS Devs

Ddos February 27, 2026

Malicious NuGet Packages Weaponize ASP.NET Identity for Production Backdoors NuGet Supply Chain Attack ASP.NET Identity Theft

NuGet Supply Chain Attack ASP.NET Identity Theft

Malicious NuGet Packages Weaponize ASP.NET Identity for Production Backdoors

Ddos February 25, 2026

Poisoned Protocol: dYdX Supply Chain Attack Injects RATs into npm & PyPI dYdX Supply Chain Attack Malicious npm Package

dYdX Supply Chain Attack Malicious npm Package

Poisoned Protocol: dYdX Supply Chain Attack Injects RATs into npm & PyPI

Ddos February 10, 2026

The “PayTool” Trap: Massive Fraud Cluster Impersonates Canada Gov & Air Canada WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

The “PayTool” Trap: Massive Fraud Cluster Impersonates Canada Gov & Air Canada

Ddos January 28, 2026

“SymPy” Imposter: Typosquatting Attack Turns Math Library into Crypto Miner sympy-dev Malware PyPI Supply Chain Attack

sympy-dev Malware PyPI Supply Chain Attack

“SymPy” Imposter: Typosquatting Attack Turns Math Library into Crypto Miner

Ddos January 23, 2026

Collateral Damage: Microsoft Defender Blocks Official MAS Script in Malware War Microsoft Activation Scripts block, Trojan:PowerShell/FakeMas.DA!MTB

Microsoft Activation Scripts block, Trojan:PowerShell/FakeMas.DA!MTB

Collateral Damage: Microsoft Defender Blocks Official MAS Script in Malware War

Ddos January 9, 2026

“Prefix Swap” Panic: Sophisticated “Jackson” Imposter Infiltrates Maven Central Maven Prefix Swap, jackson-databind Malware Effective Malware Cleaner

Maven Prefix Swap, jackson-databind Malware Effective Malware Cleaner

“Prefix Swap” Panic: Sophisticated “Jackson” Imposter Infiltrates Maven Central

Ddos December 29, 2025

The “D” is for Danger: How a Tiny Typo in MAS Activation Hijacks Your PC WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

The “D” is for Danger: How a Tiny Typo in MAS Activation Hijacks Your PC

Ddos December 26, 2025

Poisoned Dependencies: How Nethereum.All and 10M+ Fake Downloads Looted .NET Crypto Developers Nethereum.All Malicious Package, NuGet Supply Chain

Nethereum.All Malicious Package, NuGet Supply Chain

Poisoned Dependencies: How Nethereum.All and 10M+ Fake Downloads Looted .NET Crypto Developers

Ddos December 19, 2025

5-Year Threat: Malicious NuGet Package Used Homoglyphs and Typosquatting to Steal Crypto Wallets NuGet Crypto Stealer, Homoglyph Attack

NuGet Crypto Stealer, Homoglyph Attack

5-Year Threat: Malicious NuGet Package Used Homoglyphs and Typosquatting to Steal Crypto Wallets

Ddos December 16, 2025

VS Code Supply Chain Attack: 19 Extensions Used Typosquatting & Steganography to Deploy Rust Trojan vs-c

vs-c

VS Code Supply Chain Attack: 19 Extensions Used Typosquatting & Steganography to Deploy Rust Trojan

Ddos December 15, 2025

Silver Fox APT Uses Cyrillic False Flag in Teams SEO Poisoning to Deploy ValleyRAT Silver Fox False Flag, Cyrillic SEO Poisoning

Silver Fox False Flag, Cyrillic SEO Poisoning

Silver Fox APT Uses Cyrillic False Flag in Teams SEO Poisoning to Deploy ValleyRAT

Ddos December 9, 2025

Stealth Supply Chain Attack: Malicious Rust Crate Used Unpinned Dependency for Silent Payload Upgrades Rust Typosquatting, Unpinned Dependency Attack

Rust Typosquatting, Unpinned Dependency Attack

Stealth Supply Chain Attack: Malicious Rust Crate Used Unpinned Dependency for Silent Payload Upgrades

Ddos December 8, 2025

North Korea’s “Contagious Interview” Floods npm with 200 New Packages, Using Fake Crypto Jobs to Deploy OtterCookie Spyware BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

North Korea’s “Contagious Interview” Floods npm with 200 New Packages, Using Fake Crypto Jobs to Deploy OtterCookie Spyware

Ddos December 1, 2025

PyPI Typosquat Delivers Multi-Layer Python RAT, Bypassing Scanners with XOR Encryption PyPI Typosquat, Python RAT

PyPI Typosquat, Python RAT

PyPI Typosquat Delivers Multi-Layer Python RAT, Bypassing Scanners with XOR Encryption

Ddos November 24, 2025