This page collects WhisperX intelligence signals tagged #typosquatting. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A newly identified supply chain attack is targeting software developers through typosquatting npm packages that weaponize Claude Code's SessionStart hooks to establish persistent backdoors on infected systems. The campaign delivers a statically linked, UPX-compressed ELF binary that activates during package installatio...
A sophisticated npm supply chain attack has surfaced, exploiting typosquatting techniques to distribute a Rust-based malware payload designed to harvest developer credentials and establish persistent footholds across software ecosystems. The campaign, attributed to the Sukob threat actor, leverages a malicious package ...
Security researchers have uncovered a typosquatting campaign that impersonates Vercel, the popular web development platform, to distribute an obfuscated malware loader targeting macOS systems. The attack chain leverages the trusted reputation of Vercel to trick developers into downloading malicious packages, marking an...