T1195.002 44
- 5 Malicious Rust Crates Posed as Time Utilities to Exfiltrate .env Files
- Fake imToken Chrome Extension Steals Seed Phrases via Phishing Redirects
- Malicious Go "crypto" Module Steals Passwords and Deploys Rekoobe Backdoor
- Malicious Chrome Extension Steals Meta Business Manager Exports and TOTP 2FA Seeds
- PyPI Package Impersonates SymPy to Deliver Cryptomining Malware
- Malicious Chrome Extension Steals MEXC API Keys for Account Takeover
- Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
- Malicious NuGet Package Typosquats Popular .NET Tracing Library to Steal Wallet Passwords
- Malicious Go Packages Impersonate Google's UUID Library and Exfiltrate Data
- Inside the GitHub Infrastructure Powering North Korea's Contagious Interview npm Attacks
- Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
- North Korea's Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads
- Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
- Wallet-Draining npm Package Impersonates Nodemailer to Hijack Crypto Transactions
- Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials via Telegram
- 60 Malicious Ruby Gems Used in Targeted Credential Theft Campaign
- Surveillance Malware Hidden in npm and PyPI Packages Targets Developers with Keyloggers, Webcam Capture, and Credential Theft
- npm 'is' Package Hijacked in Expanding Supply Chain Attack
- Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader
- Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages
- Malicious Ruby Gems Exfiltrate Telegram Tokens and Messages Following Vietnam Ban
- Monkey-Patched PyPI Packages Use Transitive Dependencies to Steal Solana Private Keys
- 60 Malicious npm Packages Leak Network and Host Data in Active Malware Campaign
- Malicious Koishi Chatbot Plugin Exfiltrates Messages Triggered by 8-Character Hex Strings
- Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS
- The Bad Seeds: Malicious npm and PyPI Packages Pose as Developer Tools to Steal Wallet Credentials
- Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads
- Black Basta's Dependency Confusion Ambitions and Ransomware in Open Source Ecosystems
- Lazarus Strikes npm Again with New Wave of Malicious Packages
- Typosquatted Go Packages Deliver Malware Loader Targeting Linux and macOS Systems
- Malicious PyPI Package Exploits Deezer API for Coordinated Music Piracy
- Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence
- North Korean APT Lazarus Targets Developers with Malicious npm Package
- Gmail For Exfiltration: Malicious npm Packages Target Solana Private Keys and Drain Victims' Wallets
- Weaponizing OAST: How Malicious Packages Exploit npm, PyPI, and RubyGems for Data Exfiltration and Recon
- Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
- Skuld Infostealer Returns to npm with Fake Windows Utilities and Malicious Solara Development Packages
- Malicious Maven Package Impersonating 'XZ for Java' Library Introduces Backdoor Allowing Remote Code Execution
- Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
- Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
- Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
- Roblox Developers Targeted with npm Packages Infected with Skuld Infostealer and Blank Grabber
- Noxia: Emerging Dark Web Hosting Provider Targets Python, Node.js, Go, and Rust Ecosystems
- Typosquatting on PyPI: Malicious Package Mimics Popular 'browser-cookie3' Library to Steal Sensitive Data