Blog

Follow for the latest updates and insights on
open source security & engineering.

Malware Security Announcements AI Engineering Technology Open Source SCA Compliance & SBOM CI/CD

Malware

node-env-resolve: npm Package Installs a Full RAT

node-env-resolve is a malicious npm package that installs a full-featured remote access trojan on developer machines. The RAT streams screens, captures audio, steals browser history, and gives full...

Malware

exiouss: Cookie Stealer Bundled in npm Exam Cheat

exiouss on npm is the latest package from the loltestpad campaign — the same attacker who published the ixpresso-core Windows RAT in April. It bundles a dormant ChatGPT cookie stealer alongside an AI...

Malware

common-tg-service: 502 npm Versions Hijack Telegram

common-tg-service ships 502 npm versions of a Telegram account-takeover framework with hardcoded 2FA credentials, IMAP-based code harvesting, and forced session eviction. Its companion package...

Malware

PyTorch Lightning Compromised: Shai-Hulud Worm Reaches PyPI

PyPI yanked PyTorch Lightning versions 2.6.2 and 2.6.3 after both embedded a two-stage credential-stealing payload. Any import of the library spawns an 11MB obfuscated JavaScript worm identical to...

Previous Next

Ship Code.

Not Malware.

Start free with open source tools on your machine. Scale to a unified platform for your organization.

Star on GitHub Book a Demo