JulesJacker: A Fake-PoC npm Worm That Impersonates Google’s Jules Agent — and Turns on the Sandbox Analyzing It
RuntimeBroker: an npm Typosquat Plants a 40-Chain Crypto-Clipper as a Cross-OS \”System Runtime Helper”\
Attacks Analysis Ectoplasm: npm install hooks that harvest AWS credentials behind a container-only trigger June 12, 2026
Attacks Analysis SeedSweep: Ten Crypto-Themed npm Packages That Only Run When No One Is Watching June 9, 2026
Attacks Analysis PairLoop: One npm Package, Seventy Versions, and a Hidden Windows Remote-Control Panel June 5, 2026
Attacks Analysis ConsentMask: An npm Package That Wears a Telemetry Consent Banner Over Developer-Identity Harvesting June 4, 2026
Attacks Analysis JulesJacker: A Fake-PoC npm Worm That Impersonates Google’s Jules Agent — and Turns on the Sandbox Analyzing It May 29, 2026
Attacks Analysis RuntimeBroker: an npm Typosquat Plants a 40-Chain Crypto-Clipper as a Cross-OS \”System Runtime Helper”\ May 22, 2026
Attacks Analysis AuditorTrap: A 22-Package Fake Crypto Security Guild on npm With Two Parallel Payloads May 21, 2026
Attacks Analysis PhantomBot: A Typosquat Campaign That Pivoted From Credential Theft to a Turnkey Botnet Kit May 18, 2026
