Datadog threat roundup: Top insights for Q2 2025
ID: 6e28f058-5b47-584b-8490-518df0ffe281
STIX ID: report--6e28f058-5b47-584b-8490-518df0ffe281
Feed Name: Datadog Security Labs
Datadog Security Research Q2 2025 roundup details active, multi-vector threats: supply-chain compromises (malicious VS Code extensions and obfuscated NPM packages/typosquats) distributing info-stealers and cryptominers, Mimo Linux malware expanding to Magento with rootkit and memory-only execution techniques, and a novel cloud-native persistence technique using API Gateway + Lambda to auto-create IAM users for durable access. The report highlights platform-agnostic attacker tradecraft affecting developer ecosystems, container and serverless infrastructure, and recommends auditing cron jobs, /etc/ld.so.preload, memory-backed execution artifacts, and cloud IAM roles and API Gateway/Lambda configurations.
