KEYWORD TOPIC

Malicious VS Code Extension and NPM Packages Target Developers | NPM Packages Hijacked in Large-Scale Supply Chain Attack | Ethereum Smart Contracts Used to Mask Malware in NPM Packages | Malicious VS Code Extension and NPM Packages Target Developers | NPM Packages Hijacked in Large-Scale Supply Chain Attack | Ethereum Smart Contracts Used to Mask Malware in NPM Packages

Security / Malware

Malicious VS Code Extension and NPM Packages Target Developers

The software development ecosystem is facing increased threats from malicious actors. Recent incidents involve a VS Code extension with ransomware capabilities and NPM packages distributing information-stealing malware, highlighting the imp...

Nov 08, 2025 10:01 Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities

Malicious VS Code Extension and NPM Packages Target Developers

Image via The Hacker News

TOPIC npm

Security / Supply Chain

NPM Packages Hijacked in Large-Scale Supply Chain Attack

A large-scale supply chain attack has compromised NPM packages, impacting over 2.6 billion weekly downloads. Attackers injected malicious code into popular packages by compromising maintainer accounts through phishing, leading to the hijack...

Sep 08, 2025 19:32 NPM Attack Injects Crypto-Stealing Malware Into Core JavaScript Libraries

Cybersecurity / Malware

Ethereum Smart Contracts Used to Mask Malware in NPM Packages

Cybersecurity researchers have uncovered malicious NPM packages that use Ethereum smart contracts to hide malware, marking a new trend in software supply chain attacks. This technique allows attackers to bypass traditional security measures...

Sep 04, 2025 11:02 Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers