Ahmad Nassri
ahmadnassri.com
@ahmadnassri.com
Syrian-Canadian 🇸🇾🇨🇦, Fractional CTO, Developer Accelerator.

past: npm, Telus, Kong, CBC, BlackBerry
soon inshallah.
November 1, 2025 at 7:27 PM
→ 175 malicious packages
→ 135+ targeted organizations
→ 26,800+ downloads
→ Fully automated victim generation
→ Pre-filled credential forms
→ Complete PyInstaller toolkit included

Technical deep-dive with full IOCs: 👉 socket.dev/blog/175-mal...
175 Malicious npm Packages Host Phishing Infrastructure Targ...
175 malicious npm packages (26k+ downloads) used unpkg CDN to host redirect scripts for a credential-phishing campaign targeting 135+ organizations wo...
socket.dev
October 10, 2025 at 12:34 PM
AppSec is not just protecting your product/business, it's about protecting everyone!

These packages do nothing malicious to developers/products they infect. Instead, they are targeting web visitors of the infected apps, with the ultimate goal of mass credential harvesting.
October 10, 2025 at 12:34 PM
note: those existed in non-fractional roles as well, but I saw those as my ownership to fix / address, and for the most part, I managed to resolve ~80% of the time
July 26, 2023 at 12:08 PM
dev++ 🧠: write a custom TF module to group & manage domains with a yaml data source that shares reusable configs
July 25, 2023 at 5:21 PM