Browsing Tag
Typosquatting
15 posts
27,000-Download Codex UI Tool Secretly Stole OpenAI Refresh Tokens
A malicious Codex UI npm package with 27,000 weekly downloads was caught exfiltrating OpenAI refresh tokens, exposing developers to account takeover risks.
Hackers Hide Pulsar RAT Inside PNG Images in New NPM Supply Chain Attack
Cybersecurity researchers at Veracode reveal a typosquatting attack that disguises Pulsar RAT as images to bypass Windows security and antivirus programs.
Fake NPM Package With 206K Downloads Targeted GitHub for Credentials (UPDATED)
Veracode Threat Research exposed a targeted typosquatting attack on npm, where the malicious package @acitons/artifact stole GitHub tokens. Learn how this supply chain failure threatened the GitHub organisation's code.
8 Malicious NPM Packages Stole Chrome User Data on Windows
JFrog researchers found eight malicious NPM packages using 70 layers of obfuscation to steal data from Chrome browser…
New “Slopsquatting” Threat Emerges from AI-Generated Code Hallucinations
AI code tools often hallucinate fake packages, creating a new threat called slopsquatting that attackers can exploit in…
Malware Infects Linux and macOS via Typosquatted Go Packages
Socket exposes a typosquatting campaign delivering malware to Linux and macOS systems via malicious Go packages. Discover the…
Scammers Exploit Fake Domains in Dubai Police Phishing Scams
BforeAI has discovered a surge in phishing attacks targeting the Dubai Police, a government-run entity. Learn how cybercriminals are exploiting the Dubai Police name to steal personal information and money.
Hackers Use Fake Domains to Trick Trump Supporters in Trading Card Scam
Cybercriminals target Trump’s digital trading cards using phishing sites, fake domains, and social engineering tactics to steal sensitive…
Global Phishing Scam Hits Canadian Pizza Chains for Credit Card Data
Scammers are using domain spoofing, phishing and other tactics to steal customer information from pizza restaurants, especially in…
NuGet Packages Exploited to Target Developers with Malware
NuGet packages are under attack! A new malware campaign exploits hidden code execution techniques to inject malware into…