Ian Kretz
@ikretz.bsky.social
72 followers 26 following 5 posts
Security Research @ Datadog
ikretz.bsky.social
My colleague, Sebastian Obregoso, and I had the privilege of writing a guest post for OpenSSF's blog on how we detect malicious open source packages at @securitylabs.datadoghq.com using GuardDog.

Check it out here: openssf.org/blog/2025/03...
GuardDog: Strengthening Open Source Security Against Supply Chain Attacks – Open Source Security Foundation
ikretz.bsky.social
Meanwhile, GuardDog findings are more like indicators of potentially suspicious or malicious package behavior rather than a conclusive determination. Review of the findings is crucial to how we produce a high-quality dataset for SCFW to consume.
ikretz.bsky.social
Hi, I work on both projects. SCFW consults our dataset of human-reviewed malicious packages to determine when to block. Unlike GuardDog, it doesn't do any package scanning of its own.
Reposted by Ian Kretz
securitylabs.datadoghq.com
Interested in malicious software packages? Our open-source dataset just hit over 5,000 samples of malicious npm and PyPI packages!

github.com/DataDog/mali...