Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers

September 4, 2025

Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum blockchain to carry out malicious actions on compromised systems, signaling the trend of threat actors constantly on the lookout for new ways to distribute malware and fly under the radar.
“The two npm packages abused smart contracts to conceal malicious

Source: Read More

Previous ArticleSmashing Security podcast #433: How hackers turned AI into their new henchman

Next Article How Russia-Linked Spies Turned Everyday Websites into Surveillance Traps aka ‘Watering Hole’

Highlights

CVE-2025-9247 – Linksys Router Stack-Based Buffer Overflow Vulnerability

August 20, 2025

CVE ID : CVE-2025-9247

Published : Aug. 20, 2025, 9:15 p.m. | 3 hours, 35 minutes ago

Description : A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The affected element is the function setVlan of the file /goform/setVlan. The manipulation of the argument vlan_set leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 9.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Hitachi Energy Pledges $1B to Strengthen US Grid, Build Largest Transformer Plant in Virginia

How to debug a web app with Playwright MCP and GitHub Copilot

Between Strategy and Story: Thierry Chopain’s Creative Path

What You Need to Know About CSS Color Interpolation

Why browsers throttle JavaScript timers (and what to do about it)

Why browsers throttle JavaScript timers (and what to do about it)

How to create Google Gemini AI component in Total.js Flow

Drupal 11’s AI Features: What They Actually Mean for Your Team

Harnessing GitOps on Linux for Seamless, Git-First Infrastructure Management

Harnessing GitOps on Linux for Seamless, Git-First Infrastructure Management

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

Distribution Release: Linux Mint 22.2

Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers

How to focus on building your skills when everything’s so distracting with Ania Kubów [Podcast #187]

Introducing freeCodeCamp Daily Python and JavaScript Challenges – Solve a New Programming Puzzle Every Day

New iOS Critical Vulnerability That Could Brick iPhones With a Single Line of Code

Microsoft resurrects Edge extension feature years after scrapping its last test

This OnePlus 13 deal makes upgrading to the flagship Android a much easier decision for me

Multi Vulnerabilities Found in SonicWall SMA 100 Series Prompt Urgent Security Update

CVE-2025-9247 – Linksys Router Stack-Based Buffer Overflow Vulnerability

CVE-2025-6530 – “70mai M300 Telnet Service Denial of Service Vulnerability”

CVE-2025-8267 – Apache SSRF in ssrfcheck

CVE-2025-48219 – O2 UK IMS E-UTRAN Cell Identity Leak

Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers

Related Posts