Hacking news

Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks

on June 4, 2025

The Hacker News

Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation, and exfiltrate Telegram API tokens, once again demonstrating the variety of supply chain threats lurking in open-source ecosystems. The findings come from multiple reports published by Checkmarx,

More From Author

Hacking news

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

April 3, 2026

The Hacker News

Hacking news

Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture

April 3, 2026

The Hacker News

Hacking news

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

April 3, 2026

The Hacker News

Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks

More From Author

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

The strange tale of ischhfd83: When cybercriminals eat their own

Multiple CVEs in Infoblox NetMRI: RCE, Auth Bypass, SQLi, and File Read Vulnerabilities

Leave a Reply Cancel reply