T1027 6

• Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations Dec 23, 2025
• Malicious NuGet Packages Typosquat Nethereum to Exfiltrate Wallet Keys Oct 22, 2025
• Surveillance Malware Hidden in npm and PyPI Packages Targets Developers with Keyloggers, Webcam Capture, and Credential Theft Jul 23, 2025
• Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence Feb 4, 2025
• Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts Dec 20, 2024
• Malicious Maven Package Impersonating 'XZ for Java' Library Introduces Backdoor Allowing Remote Code Execution Dec 6, 2024