Dossier
malicious packages
Coverage of malicious packages in the Nexus archive.
- GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
CrowdStrike, Google, and the Shadowserver Foundation disrupted all command-and-control channels of GlassWorm, a malware campaign targeting software developers via malicious packages and extensions since early 2025. The takedown disrupted a persistent supply chain attack infrastructure.
- ‘TrapDoor’ malware targets crypto dev tools in supply chain attack
A campaign named 'TrapDoor' is using malicious packages to target cryptocurrency development tools in a supply chain attack, aiming to steal crypto assets by injecting hidden instructions that hijack popular AI coding assistants. Socket has reported this threat, highlighting the exploitation of AI tools to facilitate the theft.