T1027.013 14

72 Malicious Open VSX Extensions Linked to GlassWorm Campaign Now Using Transitive Dependencies Mar 13, 2026
Malicious Go Packages Impersonate Google's UUID Library and Exfiltrate Data Dec 5, 2025
North Korea's Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads Oct 10, 2025
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader Jul 14, 2025
Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages Jun 25, 2025
Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS May 7, 2025
Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads Apr 4, 2025
Lazarus Strikes npm Again with New Wave of Malicious Packages Mar 10, 2025
Typosquatted Go Packages Deliver Malware Loader Targeting Linux and macOS Systems Mar 4, 2025
North Korean APT Lazarus Targets Developers with Malicious npm Package Jan 29, 2025
Gmail For Exfiltration: Malicious npm Packages Target Solana Private Keys and Drain Victims' Wallets Jan 8, 2025
Weaponizing OAST: How Malicious Packages Exploit npm, PyPI, and RubyGems for Data Exfiltration and Recon Jan 3, 2025
Skuld Infostealer Returns to npm with Fake Windows Utilities and Malicious Solara Development Packages Dec 18, 2024
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets Nov 19, 2024