Typosquatting Archives • Daily CyberSecurity

Malicious PyPI Package Wave Spreads Evolving Supply Chain Attacks malicious PyPI package wave supply chain attacks

Malicious PyPI Package Wave Spreads Evolving Supply Chain Attacks

Do Son June 9, 2026

Security Researchers Uncover Advanced Open Source Supply Chain Exploits A fresh threat report exposes an ongoing software...

FIFA Website Spoofing Scams: FBI Issues Major World Cup Warning FIFA website spoofing scams FBI World Cup alert Pig Butchering Scam Jingliang Su Sentencing Meta China Scam Ads, Zuckerberg Revenue Conflict Trading Bot Scam BEC Scam Rental Payment Fraud

FIFA website spoofing scams FBI World Cup alert Pig Butchering Scam Jingliang Su Sentencing Meta China Scam Ads, Zuckerberg Revenue Conflict Trading Bot Scam BEC Scam Rental Payment Fraud

FIFA Website Spoofing Scams: FBI Issues Major World Cup Warning

Do Son May 31, 2026

The Federal Bureau of Investigation recently issued a critical safety warning regarding the upcoming 2026 World Cup...

Microsoft Exposes Malicious Typosquat Cluster Targeting Cloud Environments npm supply chain attack credential harvesting malware

Microsoft Exposes Malicious Typosquat Cluster Targeting Cloud Environments

Do Son May 29, 2026

Urgent Alert for DevOps Engineers Microsoft security analysts recently identified an active threat vector targeting modern software...

TeamPCP Open-Sources “Shai-Hulud” AI Supply Chain Malware, Hitting NPM Fleet Shai-Hulud worm NPM supply chain attack

TeamPCP Open-Sources “Shai-Hulud” AI Supply Chain Malware, Hitting NPM Fleet

Do Son May 19, 2026

The threat collective recognized as TeamPCP, historically notorious for orchestrating supply chain incursions within the NPM ecosystem,...

“TanStack”: Malicious Name-Squatting Campaign Steals Environment Secrets TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

“TanStack”: Malicious Name-Squatting Campaign Steals Environment Secrets

Do Son May 2, 2026

Security researchers have uncovered a supply-chain attack on npm targeting developers who mistakenly install the unscoped tanstack...

The Typosquatting Trap: Fake Telegram Portal Delivers Stealthy Memory-Resident Malware

Do Son March 20, 2026

Cybersecurity researchers have uncovered a deceptive campaign that uses a typosquatted website to impersonate the official Telegram...

Malicious npm Package “pino-sdk-v2” Caught Harvesting Secrets pino-sdk-v2 npm Supply Chain Attack

Malicious npm Package “pino-sdk-v2” Caught Harvesting Secrets

Do Son March 11, 2026

In the modern development landscape, supply chain attacks remain one of the most effective ways for threat...

Hackers Impersonate Stripe.net to Hijack the Global Payment Supply Chain Stripe.net Typosquatting NuGet Supply Chain Attack

Hackers Impersonate Stripe.net to Hijack the Global Payment Supply Chain

Do Son February 27, 2026

Late last year, the cybersecurity community was put on high alert when the ReversingLabs research team uncovered...

The 50,000-Download Trap: How ‘ambar-src’ Typosquatting Compromised Windows, Linux, and macOS Devs OSX/Amos Stealer Electron ASAR Trojan MioLab Malware macOS Security MacSync Stealer macOS Malware ambar-src npm Malware Supply Chain Typosquatting Matryoshka Mac Malware ClickFix Crypto Scam Infostealer Evolution macOS Malware Predator Spyware Intellexa Anti-Analysis XCSSET macOS Malware, Xcode Supply Chain

OSX/Amos Stealer Electron ASAR Trojan MioLab Malware macOS Security MacSync Stealer macOS Malware ambar-src npm Malware Supply Chain Typosquatting Matryoshka Mac Malware ClickFix Crypto Scam Infostealer Evolution macOS Malware Predator Spyware Intellexa Anti-Analysis XCSSET macOS Malware, Xcode Supply Chain

The 50,000-Download Trap: How ‘ambar-src’ Typosquatting Compromised Windows, Linux, and macOS Devs

Do Son February 27, 2026

Tenable Research has uncovered a highly sophisticated, malicious npm package that amassed approximately 50,000 downloads before its...

Malicious NuGet Packages Weaponize ASP.NET Identity for Production Backdoors NuGet Supply Chain Attack ASP.NET Identity Theft

Malicious NuGet Packages Weaponize ASP.NET Identity for Production Backdoors

Do Son February 25, 2026

Developers themselves are increasingly the primary target for cybercriminals, a new supply chain attack has been uncovered...

Poisoned Protocol: dYdX Supply Chain Attack Injects RATs into npm & PyPI dYdX Supply Chain Attack Malicious npm Package

Poisoned Protocol: dYdX Supply Chain Attack Injects RATs into npm & PyPI

Do Son February 10, 2026

A sophisticated supply chain attack has struck the dYdX decentralized exchange protocol, injecting malicious code into official...

The “PayTool” Trap: Massive Fraud Cluster Impersonates Canada Gov & Air Canada WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

WhatsApp Worm, Brazilian Banking Trojan LAPSUS$ Alliance, Scattered Spider Ransomware, Cybercrime RedCurl APT group Russian Cyberespionage, ApolloShadow Malware

The “PayTool” Trap: Massive Fraud Cluster Impersonates Canada Gov & Air Canada

Do Son January 28, 2026

A sprawling, interconnected web of fraud clusters is aggressively targeting Canadian citizens, exploiting their reliance on digital...

“SymPy” Imposter: Typosquatting Attack Turns Math Library into Crypto Miner sympy-dev Malware PyPI Supply Chain Attack

“SymPy” Imposter: Typosquatting Attack Turns Math Library into Crypto Miner

Do Son January 23, 2026

A deceptive new supply chain attack has been uncovered in the Python ecosystem, where a malicious package...

Collateral Damage: Microsoft Defender Blocks Official MAS Script in Malware War Microsoft Activation Scripts block, Trojan:PowerShell/FakeMas.DA!MTB

Microsoft Activation Scripts block, Trojan:PowerShell/FakeMas.DA!MTB

Collateral Damage: Microsoft Defender Blocks Official MAS Script in Malware War

Do Son January 9, 2026

Microsoft is evidently cognizant of the Microsoft Activation Scripts (MAS), a popular open-source utility; moreover, the corporation...

“Prefix Swap” Panic: Sophisticated “Jackson” Imposter Infiltrates Maven Central Maven Prefix Swap, jackson-databind Malware Effective Malware Cleaner

Maven Prefix Swap, jackson-databind Malware Effective Malware Cleaner

“Prefix Swap” Panic: Sophisticated “Jackson” Imposter Infiltrates Maven Central

Do Son December 29, 2025

The Java ecosystem, long considered a fortress compared to the wild west of npm, has been breached...

The “D” is for Danger: How a Tiny Typo in MAS Activation Hijacks Your PC WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

WHILL Wheelchair Hijacking, CVE-2025-14346 MAS typosquatting malware, get.activate.win vs get.activated.win OpenShift GitOps RCE, Cluster Takeover Flaw Twonky Server, CVE-2025-13315 AI agents CVE-2024-52875 PoC

The “D” is for Danger: How a Tiny Typo in MAS Activation Hijacks Your PC

Do Son December 26, 2025

The well-known activation tool MAS offers a PowerShell command that allows users to load an activation script...

Poisoned Dependencies: How Nethereum.All and 10M+ Fake Downloads Looted .NET Crypto Developers Nethereum.All Malicious Package, NuGet Supply Chain

Nethereum.All Malicious Package, NuGet Supply Chain

Poisoned Dependencies: How Nethereum.All and 10M+ Fake Downloads Looted .NET Crypto Developers

Do Son December 19, 2025

A sophisticated supply chain campaign targeting .NET developers working with cryptocurrency has been uncovered, revealing a network...

5-Year Threat: Malicious NuGet Package Used Homoglyphs and Typosquatting to Steal Crypto Wallets NuGet Crypto Stealer, Homoglyph Attack

5-Year Threat: Malicious NuGet Package Used Homoglyphs and Typosquatting to Steal Crypto Wallets

Do Son December 16, 2025

A malicious NuGet package masquerading as a popular .NET logging tool has been caught stealing cryptocurrency wallet...

VS Code Supply Chain Attack: 19 Extensions Used Typosquatting & Steganography to Deploy Rust Trojan

Do Son December 15, 2025

A sophisticated malware campaign has been uncovered within the Visual Studio Code (VS Code) Marketplace, exposing a...

Silver Fox APT Uses Cyrillic False Flag in Teams SEO Poisoning to Deploy ValleyRAT Silver Fox False Flag, Cyrillic SEO Poisoning

Silver Fox APT Uses Cyrillic False Flag in Teams SEO Poisoning to Deploy ValleyRAT

Do Son December 9, 2025

A cunning cyber-espionage campaign is targeting Chinese organizations with a twist of geopolitical deception. According to a...

Critical Alert 1 Active Exploit Detected Today