Unlike some other public repositories, the npm package repository is never really quiet. And, while there has been some decline in malware numbers between 2023 and 2024, this year’s numbers don’t seem to continue that downward trend. Still, while RL has detected some interesting npm malware so far this year, none of it warranted a…
Category: Threat Research
Global Security News, Security Bloggers Network, Threat Research
Sextortion scams are on the rise — and they’re getting personal
Scammers are in on the sextortion trend. Our expert analysis on this trend found that the likelihood of being targeted by sextortion scammers in the first few months of 2025 increased by a whopping 137% in the U.S., while the risk jumped to 49% in the U.K. and 34% in Australia. The post Sextortion scams…
Global Security News, Security Bloggers Network, Threat Research
A new playground: Malicious campaigns proliferate from VSCode to npm
ReversingLabs researchers have been monitoring multiple public repositories over the past few years. Recently, our team has expanded its threat hunting efforts to VSCode Marketplace — and the researchers started to see an increasing amount of malicious activity. In the past, RL researchers have observed how easy and quickly it is for supply chain attacks…
Global Security News, Security Bloggers Network, Threat Research
FakeCaptcha scams—When the “I’m not a robot” button is a trap
How many times you’ve clicked the “I’m not a robot” CAPTCHA checkbox without a second thought? We’ve all done it … countless times. It’s such a familiar step that we don’t question it. And, cybercriminals have taken note of that. The post FakeCaptcha scams—When the “I’m not a robot” button is a trap appeared first…