Ahmad Nassri
ahmadnassri.com
Ahmad Nassri
@ahmadnassri.com
CTO @ Socket.dev
Left some thoughts in the thread: moving away from postinstall is definitely a step in the right direction, but it will not alleviate security scanning concerns.
December 3, 2025 at 9:51 PM
Soon, inshallah.
November 1, 2025 at 7:27 PM
→ 175 malicious packages
→ 135+ targeted organizations
→ 26,800+ downloads
→ Fully automated victim generation
→ Pre-filled credential forms
→ Complete PyInstaller toolkit included

Technical deep-dive with full IOCs: 👉 socket.dev/blog/175-mal...
175 Malicious npm Packages Host Phishing Infrastructure Targ...
175 malicious npm packages (26k+ downloads) used unpkg CDN to host redirect scripts for a credential-phishing campaign targeting 135+ organizations wo...
socket.dev
October 10, 2025 at 12:34 PM
AppSec is not just about protecting your product/business, it's about protecting everyone!

These packages do nothing malicious to developers/products they infect. Instead, they are targeting web visitors of the infected apps, with the ultimate goal of mass credential harvesting.
October 10, 2025 at 12:34 PM