Datadog threat roundup: Top insights for Q1 2025
ID: 1ea8eab9-7136-56a6-bd63-428d94dcd956
STIX ID: report--1ea8eab9-7136-56a6-bd63-428d94dcd956
Feed Name: Datadog Security Labs
Datadog's Q1 2025 threat roundup details a range of cloud-focused and supply-chain threats: trojanized npm packages (including a compromised Rspack release) delivering cryptojacking and infostealers, multiple malicious npm campaigns that add SSH backdoors or deploy RATs, credential harvesting targeting Huawei/Alibaba/Tencent cloud users, opportunistic exploitation of internet-facing services and IoT (XorBot activity and Spring Boot-targeting droppers), and abuse of customer infrastructure for censorship-bypass proxies and miners. The report includes technical indicators, code snippets, IOCs, and mitigation guidance such as access key rotation, BEC/OAuth detection, and expanded monitoring.
