Skip to content
The Nexus
DossierENTITY

malicious packages

Coverage of malicious packages in the Nexus archive.

Earliest in view: May 25 · 06:25 UTCMost recent: May 27 · 11:48 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYMay 27 · 11:48 UTCTHE HACKER NEWS
    GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

    CrowdStrike, Google, and the Shadowserver Foundation disrupted all command-and-control channels of GlassWorm, a malware campaign targeting software developers via malicious packages and extensions since early 2025. The takedown disrupted a persistent supply chain attack infrastructure.

  • SECURITYMay 25 · 06:25 UTCCOINTELEGRAPH
    ‘TrapDoor’ malware targets crypto dev tools in supply chain attack

    A campaign named 'TrapDoor' is using malicious packages to target cryptocurrency development tools in a supply chain attack, aiming to steal crypto assets by injecting hidden instructions that hijack popular AI coding assistants. Socket has reported this threat, highlighting the exploitation of AI tools to facilitate the theft.