The article details a targeted malware attack disguised as a freelance job opportunity on LinkedIn. It breaks down how the malicious code was embedded in a GitLab repository and outlines key warning signs for developers to watch for to avoid similar scams.

Researchers found insecure bootstrap scripts in legacy Python packages that could allow attackers to exploit a domain takeover. The scripts fetch an outdated installation package from a now-available domain, which poses a risk of executing malicious code. Some affected packages have removed the scripts, but others, like slapos.core, still include them.

This article discusses the unique security challenges faced by developer endpoints and highlights Koi Security's approach to managing these risks. It emphasizes the need for specialized tools that cater to developers without disrupting their workflows, especially in light of recent malware threats.

The article details a supply chain attack on Notepad++, where attackers compromised the update infrastructure between June and September 2025. It outlines various infection chains, unique payloads, and the methods used to gather system information and install malicious software. Kaspersky's solutions successfully blocked these attacks as they unfolded.

Researchers found two harmful VS Code extensions that appear as AI coding assistants but secretly send user data to servers in China. With over 1.5 million installs, they capture file content and modifications without user consent, while also incorporating analytics SDKs to track users.

The lotusbail npm package masquerades as a legitimate WhatsApp API library but contains sophisticated malware that steals user credentials, messages, and contacts. It captures data by intercepting communications and uses custom encryption to evade detection. Even after uninstalling the package, attackers retain access to compromised accounts.

A state-sponsored group, Lotus Blossom, compromised Notepad++'s hosting infrastructure, allowing them to serve malicious updates to targeted users in Southeast Asia. The attack leveraged DLL sideloading and Lua script injections to deliver malware, affecting various sectors globally.

GlassWorm malware has reappeared in Visual Studio Code extensions just weeks after being declared eradicated. The worm uses invisible Unicode characters to hide its code and is now also infecting GitHub repositories, posing risks to developers and critical infrastructure worldwide.

Hundreds of e-commerce sites have been compromised in a supply-chain attack that allowed malware to execute malicious code in visitors' browsers, potentially stealing sensitive payment information. The attack involved at least three software providers and may have affected up to 1,000 sites, with the malware remaining dormant for six years before activation. Security firm Sansec reported limited global remediation efforts for the affected customers, including a major multinational company.

A recent supply chain attack has compromised several npm packages, allowing the distribution of backdoor malware. This incident highlights vulnerabilities in the software supply chain, emphasizing the need for enhanced security measures in package management systems.

A report has revealed that 40 npm packages have been compromised as part of a supply chain attack, exposing vulnerabilities that could potentially affect thousands of projects. The malicious packages were designed to steal sensitive data and create backdoors for attackers, highlighting the ongoing risks in open-source software ecosystems. Developers are urged to review their dependencies and ensure they are not using affected packages.

A recent threat research report highlights three malicious Go modules that use obfuscation techniques to deliver destructive payloads capable of wiping entire disks. These modules exploit the open nature of the Go ecosystem, allowing attackers to masquerade as legitimate libraries, leading to irreversible data loss for unsuspecting developers.

A recent NPM supply chain attack involving a self-propagating worm called Shai-Hulud has highlighted the vulnerability of package registries like NPM. Sysdig's Threat Intelligence Feed offers real-time insights into these threats, enabling organizations to quickly assess their exposure and respond effectively. By monitoring malicious NPM packages, Sysdig aids security teams in identifying risks and taking action promptly.

Over 6,700 private repositories were made public due to a malicious supply chain attack involving Nx. The attackers used a post-install script to exfiltrate sensitive data, including API keys and tokens, by creating public repositories to store the stolen information. Security firm Wiz reported that more than 20,000 files were compromised, affecting numerous users.

An npm package called 'rand-user-agent' was compromised in a supply chain attack, leading to the injection of a remote access trojan (RAT) in unauthorized versions. Despite being deprecated, the package had a significant number of downloads, and users are advised to revert to the last legitimate version and conduct full system scans if they installed the malicious updates. The attack was traced back to an outdated automation token that allowed the unauthorized releases.

The npm author Qix was targeted in a significant supply chain attack through a phishing email that spoofed npm branding, tricking the author into compromising their account. Malicious code was introduced into several packages, redirecting cryptocurrency transactions to the attacker's addresses, highlighting the persistent threat of phishing in the open-source ecosystem.

A supply-chain attack named GlassWorm is targeting developers on the OpenVSX and Microsoft Visual Studio marketplaces, leading to an estimated 35,800 installations of self-spreading malware. Utilizing invisible characters to hide its code, GlassWorm steals credentials and cryptocurrency wallet information, while employing the Solana blockchain for command-and-control, making it challenging to dismantle. Researchers have identified multiple infected extensions and warn of the malware's sophisticated nature, marking it as a significant threat to developer environments.