A malicious npm package, koishi-plugin-pinhaofa, is targeting Koishi chatbot frameworks. Disguised as a spelling autocorrect plugin, it embeds a backdoor that exfiltrates messages containing 8-character hexadecimal strings to a hardcoded QQ account.
Security researchers have uncovered a supply chain attack involving three malicious npm packages—sw-cur, sw-cur1, and aiide-cur—that target macOS installations of the Cursor AI IDE.
A malicious Python package named discordpydebug was uploaded to PyPI, posing as a debugging tool for Discord bot developers. Despite lacking a README or documentation, it was downloaded over 11,000 times.
A new supply chain attack has been uncovered targeting Telegram bot developers via typosquatted npm packages. These malicious packages mimic the legitimate `node-telegram-bot-api` library.
A malicious npm package, @naderabdi/merchant-advcash, masquerading as a legitimate Advcash (Volet) payment integration, was discovered to contain a stealthy reverse shell. The payload activates only during a successful payment transaction.
These latest malware samples employ hexadecimal string encoding to evade automated detection systems and manual code audits, signaling a variation in the threat actors’ obfuscation techniques.
The Socket research team recently discovered a malicious Python package on PyPI named disgrasya, which contains a fully automated carding script targeting WooCommerce stores.
North Korea’s Lazarus Group continues to infiltrate the npm ecosystem, deploying six new malicious packages designed to compromise developer environments, steal credentials, extract cryptocurrency data, and deploy a backdoor.
Disguised as a simple utility for Python sets, the set-utils package mimics widely used libraries like python-utils (712M+ downloads) and utils (23.5M+ downloads). This compromised package grants attackers unauthorized access to Ethereum wallets.
Although the automslc package purports to offer music automation and metadata retrieval, it covertly bypasses Deezer’s access restrictions by embedding hardcoded credentials and communicating with an external C2 server.