OUR BLOG

The software supply chain attacks on crypto and web3 continue unabated.  Today I identified a new malicious NPM package that is delivering a sophisticated multi-stage malware payload.  It's...

I've identified an NPM package deploying a new malware strain targeting the Exodus Wallet application.  While this attack lacked finesse, it's interesting because it was written in a new language to...

Over the years, I've talked with a lot of developers and engineering teams—first during my DevSecOps consulting work, then while building SecureStack. Now, as I focus full-time on software supply...

I've identified a malicious NPM package named "web3-parser" that targets web3 and crypto developers.  When the library is called from within a Javascript app, it exfils all data that you asked it to...

Our research has identified a package masquerading as the popular NPM package "Prettier" library.  This package was published in the NPM registry in September 2024 and was taken offline in mid...

SourceCodeRED identified a malicious package deployed on NPM this week.   This package was deployed by an NPM user named Zyrudev and named "arcus-cmd-utils".   The package only contained two files: ...

Two NPM packages masquerading as legitimate javascript libraries were published to the NPM registry this week.  The packages were published by a user named "kamations" and target the marked-js...

Published January 8, 2025 Every morning I get up and check what malicious packages my detector had found the night before.   It's like someone checking their fishing nets to see what fish they...

SourceCodeRED identified two malicious packages deployed on NPM today (December 27th, 2024) These packages were deployed by an NPM user named shulkwisec.  The two packages are "baby-electron" and...

A new malware payload is being delivered via NPM packages.  The NPM user named hi_ops published seven packages that are deploying a new MacOS malware.     How is the malware delivered? The...