Obfuscation 21
- 72 Malicious Open VSX Extensions Linked to GlassWorm Campaign Now Using Transitive Dependencies
- SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains
- Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
- Shai Hulud Strikes Again (v2)
- Malicious NuGet Packages Typosquat Nethereum to Exfiltrate Wallet Keys
- Surveillance Malware Hidden in npm and PyPI Packages Targets Developers with Keyloggers, Webcam Capture, and Credential Theft
- npm 'is' Package Hijacked in Expanding Supply Chain Attack
- Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader
- The Landscape of Malicious Open Source Packages: 2025 Mid‑Year Threat Report
- Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads
- Lazarus Strikes npm Again with New Wave of Malicious Packages
- Typosquatted Go Packages Deliver Malware Loader Targeting Linux and macOS Systems
- Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence
- North Korean APT Lazarus Targets Developers with Malicious npm Package
- Weaponizing OAST: How Malicious Packages Exploit npm, PyPI, and RubyGems for Data Exfiltration and Recon
- Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
- Skuld Infostealer Returns to npm with Fake Windows Utilities and Malicious Solara Development Packages
- Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
- Roblox Developers Targeted with npm Packages Infected with Skuld Infostealer and Blank Grabber
- Massive npm Malware Campaign Leverages Ethereum Smart Contracts To Evade Detection and Maintain Control
- Author Typosquatting on npm: Attackers Impersonate Sindre Sorhus with Malicious 'chalk-node' Package