Tomislav Pericin

about 1 month ago

🚨Versions 2.6.2 and 2.6.3 of the PyPI package "lightning" are compromised. RL research note: It is the same type of #Shaihulud malware as in recent Bitwarden and SAP compromises.

4

3

0

453

ap0x retweeted

about 1 month ago

It looks like #TeamPCP has again compromised @Checkmarx #VSCode extensions and @Docker images. Newly published VSCode extensions checkmarx.cx-dev-assist (1.17.0 & 1.19.0) and checkmarx.ast-results (2.63.0 & 2.66.0) contain malicious code.

2

27

7

8

4K

ap0x retweeted

2 months ago

🚨 RL Research Alert! Look out for the compromised versions 1.14.1 and 0.30.4 of axios npm package with almost 11 billion downloads. https://t.co/ilS0dR9Jcl

1

7

3

0

401

Who to follow

ReversingLabs is the trusted name in file and software security. RL — Trust Delivered.

Seongsu Park

@unpacker

Hustlin’ in Cyber Threat Intelligence | Tweets are my own | Keybase: @seongsupark | Mastodon: @[email protected]

ς๏гєɭคภς0๔3г ([email protected])

@corelanc0d3r

ap0x retweeted

2 months ago

Look out for compromised versions 4.87.1 and 4.87.2 of telnyx PyPI package with more than 3.75 million downloads. https://t.co/y7ZCeLhwQ9

1

2

368

ap0x retweeted

2 months ago

👁️ Be on the look out for compromised versions 1.82.7 and 1.82.8 of the "litellm" PyPI package, which has more than 479 million downloads 🧵👇 https://t.co/Fu70kZ8Koz

4

12

6

0

1K

ap0x retweeted

2 months ago

Look out for compromised version of Checkmarx ast-results OpenVSX extension https://t.co/20kuauO2j2

6

10

6

1

2K

ap0x retweeted

3 months ago

🚨 RL researchers occasionally come across interesting techniques used by malware in the wild. One such campaign consisting of 10 packages uses @github gists as a host for the second-stage payload. https://t.co/lIaAaTfUKo

1

4

3

1

612

ap0x retweeted

4 months ago

🚨 RL researchers have discovered a new malicious package on #nuget that is imitating @stripe — a popular payment service. https://t.co/nVUO4h1uth

1

5

4

0

553

ap0x retweeted

4 months ago

⚠️ RL #ThreatResearch: A new branch of a fake job recruitment campaign by the NK Lazarus Group, dubbed "graphalgo," is targeting #Javascript & #Python devs with a remote access trojan (RAT). 👇 https://t.co/sQtVRW0D2I

1

18

5

3

2K

ap0x retweeted

4 months ago

📆 Happening this Wednesday: Get a live, inside-look into the 2026 #SoftwareSupplyChainSecurity Report w/ @paulfroberts, @ap0x & Charlie Jones ➡️ https://t.co/c24vap4cpy #AppSec #CISO #DevSecOps

ReversingLabs's tweet photo. 📆 Happening this Wednesday: Get a live, inside-look into the 2026 #SoftwareSupplyChainSecurity Report w/ @paulfroberts, @ap0x & Charlie Jones
➡️ https://t.co/c24vap4cpy

#AppSec #CISO #DevSecOps https://t.co/AgdsWZAuN1

0

1

0

218

ap0x retweeted

4 months ago

⚠️🧵RL researchers have discovered a malicious #VSCode extension with over 12K installs that has been dormant since December, but now ships a malicious version: https://t.co/Q3YxmkwCZx

1

6

3

1

344

6 months ago

@hmier @ReversingLabs None that I can find. Are you sure that you're looking at the same package name and version in our table?

0

23

ap0x retweeted

6 months ago

👀Blog with full details & more updates can be found here: https://t.co/YP35k2Mweq #npm #OSS #SoftwareSupplyChainSecurity #Shaihulud @ap0x

0

5

3

2

2K

6 months ago

@ReversingLabs This new worm variant includes wiper functionality. Shai-hulud permanently destroy all data in the user's home directory making it unrecoverable. It overwrites the free space where the deleted files used to be. Ensuring that data recovery software cannot restore the files.

0

102

6 months ago

RL automated threat detection systems are detecting the new wave of Shai-Hulud npm packages. Look out for the TH15502 policy violation in our Spectra Assure Community. Here is an example of a compromised package: https://t.co/uitFAHk3e5 - More info to follow from @ReversingLabs

1

415

6 months ago

@ReversingLabs Just like with the first wave, automated dependency management tools (like DependaBot) are creating pull requests that are helping the worm spread.

1

0

99

ap0x retweeted

8 months ago

After detecting & mitigating multiple supply chain attacks targeting #OSS the past few weeks, RL co-founder & CSA @ap0x had a gut reaction: "Something has to change, because we can’t keep doing this every week." #npm #GitHub https://t.co/f87oJtpvWa

0

2

1

338

ap0x retweeted