Package – NuclearCoffee

Hacker news

Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper

On May 15, 2025 9:42 pm, by NuclearCoffee

Cybersecurity researchers have discovered a malicious package named “os-info-checker-es6” that disguises itself as an operating system information utility to stealthily drop a next-stage payload onto compromised systems. “This… Continue reading

Hacker news

Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads

On May 13, 2025 6:07 pm, by NuclearCoffee

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application related to the Solana blockchain, but contains malicious… Continue reading

Mobile Game News

Methods: Complete Edition ties everything up in a neat little package

On May 13, 2025 10:45 am, by Asylum

Methods: Complete Edition brings the full Methods experience to you Explore the behind-the-scenes interviews and information Experience stylish ‘ugly cute’ visuals and meet over 100 detectives Frequent readers… Continue reading

Hacker news

Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times

On May 07, 2025 9:43 am, by NuclearCoffee

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that masquerades as a seemingly harmless Discord-related utility but incorporates a remote access trojan…. Continue reading

Hacker news

Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack

On Apr 23, 2025 8:29 am, by NuclearCoffee

The Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a software supply chain attack designed to harvest and exfiltrate… Continue reading

Hacker news

Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders

On Apr 15, 2025 7:18 pm, by NuclearCoffee

Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that’s designed to reroute trading orders placed on the MEXC cryptocurrency exchange to… Continue reading

Hacker news

Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses

On Apr 10, 2025 5:06 pm, by NuclearCoffee

Threat actors are continuing to upload malicious packages to the npm registry so as to tamper with already-installed local versions of legitimate libraries and execute malicious code in… Continue reading

Hacker news

Malicious npm Package Modifies Local 'ethers' Library to Launch Reverse Shell Attacks

On Mar 26, 2025 1:08 pm, by NuclearCoffee

Cybersecurity researchers have discovered two malicious packages on the npm registry that are designed to infect another locally installed package, underscoring the continued evolution of software supply chain… Continue reading

Hacker news

This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions

On Mar 07, 2025 11:07 am, by NuclearCoffee

Cybersecurity researchers have discovered a malicious Python package on the Python Package Index (PyPI) repository that’s equipped to steal a victim’s Ethereum private keys by impersonating popular libraries…. Continue reading

Hacker news

Malicious PyPI Package "automslc" Enables 104K+ Unauthorized Deezer Music Downloads

On Feb 27, 2025 1:59 am, by NuclearCoffee

Cybersecurity researchers have flagged a malicious Python library on the Python Package Index (PyPI) repository that facilitates unauthorized music downloads from music streaming service Deezer. The package in… Continue reading

Tag: Package

Stay Connected