🚨 We've uncovered a sophisticated supply chain attack targeting WhatsApp developers.  The npm package "lotusbail" steal your WhatsApp credentials, intercept all messages, exfiltrate contacts and media, then encrypt and transmit everything to attacker servers. Our analysis shows

🚨 Security Alert! We found a Chrome extension called "KeeProx" that claims to be a password manager. The irony? It stores your passwords using a hash so weak it could be cracked faster than you can type "password123." A password manager that makes your passwords less secure. You

"My shared typescript utilities" - sure, buddy. We just caught dozy on npm doing anything but utility work: 🔒 Heavy obfuscation + anti-tampering 🔍 DevTools detection (window size, debugger timing, F12 blocking) 🚫 Right-click disabled ↪️ Redirects to google[.]com/<random> when

A Bitcoin theme and an AI assistant walk into VS Code's marketplace… Both uploaded today. Same publisher. Both execute hidden scripts on install. The payload? An infostealer masquerading as Lightshot. It grabs: 📸 Screenshots 📋 Clipboard 📶 WiFi passwords 🍪 Browser sessions

🎄🚨 Christmas came early this year… for threat actors! We’re tracking 300+ malicious npm packages flooding the registry in the last 24 hours, all following the pattern: elf-stats-<christmas_word>-<christmas_word>-<number> These naughty packages abuse post/pre-install hooks to

Read our full analysis here: https://t.co/lXWrd1o1sm

Malicious Extension Detected! 🚨 🔎 We uncovered a malicious extension named “传奇脚本语言支持 (Legend Script Language Support)” across VSCode and OpenVSX marketplaces Despite claiming to enhance coding with syntax highlighting, snippets, and theme support - it’s actually

Everyone: “Just scan code with AI, it’ll catch all the malware.” Malware authors: hold my npm package. We just caught a package that: 🔹 steals your NODE_ENV 🔹 exfiltrates it to a Pipedream /leak endpoint 🔹 racked up ~17k downloads over 2 years The wild part? It embeds an

🚨 GlassWorm is back. Third wave. Microsoft's official VSCode Marketplace. Still live right now. We haven't even recovered from Shai-Hulud's second wave hitting npm this week, and now GlassWorm is back. Six weeks ago, we disclosed GlassWorm - a worm targeting VS Code

🚨 Chrome extension "Health Reminder" reminds you to drink water while it drinks ALL your browsing data. This "wellness tool" is about as healthy as a deep-fried cigarette - it logs every site you visit, tracks keywords in your URLs, exfiltrates everything to a remote server, and

👇👇 Follow our updating incident page in the first comment for a deeper technical breakdown. https://t.co/F5I2fVPPzM

🚨 𝐍𝐞𝐰 𝐰𝐚𝐯𝐞 𝐨𝐟 𝐒𝐡𝐚𝐢-𝐇𝐮𝐥𝐮𝐝 𝐦𝐚𝐥𝐰𝐚𝐫𝐞 𝐝𝐞𝐭𝐞𝐜𝐭𝐞𝐝, 𝐰𝐢𝐭𝐡 𝐨𝐯𝐞𝐫 800 𝐩𝐚𝐜𝐤𝐚𝐠𝐞𝐬 𝐜𝐨𝐦𝐩𝐫𝐨𝐦𝐢𝐬𝐞𝐝 We have been tracking a major resurgence of the Shai-Hulud malware campaign, now appearing as a new variant known as Sha1-Hulud: The Second

We’ve found another malicious extension from the same campaign - Nomic-Foundation.hardhat-vscode. It drops the same Go-based stealer that exfiltrates wallets, browser creds, and keychain data to function.undefined21[.]com.

🚨 Malicious VS Code extensions targeting Solidity developers! Two extensions found delivering a JavaScript dropper that fetches and runs a 5.6 MB Go binary (macOS ARM64) which steals crypto wallets, browser credentials and keychain passwords, then uploads the data as

Read our full writeup here: https://t.co/b5QnKKFZwh

🚨 GlassWorm strikes again 3 new infected extensions on open-vsx detected using the same invisible Unicode stealth technique: ai-driven-dev.ai-driven-dev yasuyuky.transient-emacs adhamu.history-in-sublime-merge ~10K additional infections. Same attack pattern: malicious code