Latest news

Critical npm Supply Chain Attack: Malicious ‘dbmux’ Package Gives Hackers Full System Control
Malware

Critical npm Supply Chain Attack: Malicious ‘dbmux’ Package Gives Hackers Full System Control

11 June 2026 dark6

A malicious npm package named dbmux was discovered containing malware that gives attackers complete control over any developer system that...
Read more 0
Massive Supply Chain Attack: Poisoned VS Code Extension and “Megalodon” Campaign Steal Credentials from Millions of Developers
Cybercrime

Massive Supply Chain Attack: Poisoned VS Code Extension and “Megalodon” Campaign Steal Credentials from Millions of Developers

1 June 2026 dark6

Two coordinated supply chain attacks poisoned the Nx Console VS Code extension (2.2M installs) and backdoored 5,561 GitHub repositories simultaneously,...
Read more 0
Malicious npm Package forge-jsxy Pushes 22 Versions in 22 Days to Steal Crypto Wallets and Deploy Persistent Backdoor
Malware

Malicious npm Package forge-jsxy Pushes 22 Versions in 22 Days to Steal Crypto Wallets and Deploy Persistent Backdoor

29 May 2026 dark6

The npm package forge-jsxy quietly stole cryptocurrency wallet keys, browser credentials, and developer data across Windows, macOS, and Linux —...
Read more 0
GlassWorm Escalates: 73 New “Sleeper” Extensions Discovered on Open VSX Marketplace
Malware

GlassWorm Escalates: 73 New “Sleeper” Extensions Discovered on Open VSX Marketplace

27 April 2026 dark6

Aikido Security has identified 73 new GlassWorm "sleeper" extensions on the Open VSX marketplace, marking a dangerous escalation in a...
Read more 0