Threat Digest

Diagram of Axios npm compromise injecting plain-crypto-js RAT across Windows, macOS, and Linux

Inside the Axios Hijack: How DPRK RATs Slipped into Dev Workflows Worldwide

Your next npm install could drop a North Korean RAT on your machine. That's the brutal reality for devs worldwide after the Axios supply chain attack—and it's already hit finance, tech, and healthcare.

4 min read 5 hours ago

Infographic showing GlassWorm infection chain from npm package to fake Chrome extension surveillance

Threat Intelligence

GlassWorm's Stealthy Crawl: Fake Extensions and Blockchain C2 Turn Dev Tools into Spyware Nightmares

Developers grabbed what looked like a routine npm update. Hours later, GlassWorm had turned their machines into crypto-stealing spies, complete with fake browser extensions watching every tab.

3 min read 5 hours ago

#npm security

Inside the Axios Hijack: How DPRK RATs Slipped into Dev Workflows Worldwide

GlassWorm's Stealthy Crawl: Fake Extensions and Blockchain C2 Turn Dev Tools into Spyware Nightmares

Stay in the loop