Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks

1 min.

June 4, 2025

Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation, and exfiltrate Telegram API tokens…

Want to learn more? Here are some additional pieces for you to read.

News
Checkmarx Surfaces Malicious Effort to Compromise Software Supply Chains

News
RSAC 2025: 4 Cybersecurity Trends Shaping Tomorrow’s Threatscape

News
Have a Beef With AI? Here’s How to Poison a Large Language Mode

News
Checkmarx One Breaks the AppSec Barrier by Delivering ASPM Directly to Developers

News
What does the future of AI-powered software development look like — and how secure is it?

News
Jonathan Rende Joins Checkmarx as Chief Product Officer

News
How Agentic AI Is Revolutionizing Security—And How To Keep It Safe

News
DevSecOps Evolution Continues but Still in Early Stages

News
Checkmarx Earns Top Marks as a Customers’ Choice in Security

News
How CISOs can tackle the pernicious problem of poisoned packages

News
Inbal Shani joins Checkmarx board to drive strategic growth

News
Generative AI in Application Security report from Checkmarx

News
The top new cybersecurity products at Black Hat USA 2024

News
Hackers Warn of Dangerous New 0-Click Threat to GenAI Apps

News
Shifting Application Security Left and Right — Sandeep Johri, Checkmarx

News
Securing Java Applications in the Cloud: Best Practices and Tools

News
How Do Attackers Hijack Old Domains and Subdomains?

News
Hackers threaten to leak Amazon Ring data after claiming responsibility for ransomware attack

News
Expert Comment: Github announces 2FA to be introduced

News
Understanding Technical Debt for Software Teams

Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks

Read More