T1546.016 15

• Inside the GitHub Infrastructure Powering North Korea's Contagious Interview npm Attacks Nov 26, 2025
• North Korea's Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads Oct 10, 2025
• Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader Jul 14, 2025
• Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages Jun 25, 2025
• Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads Apr 4, 2025
• Black Basta's Dependency Confusion Ambitions and Ransomware in Open Source Ecosystems Mar 19, 2025
• Lazarus Strikes npm Again with New Wave of Malicious Packages Mar 10, 2025
• Typosquatted Go Packages Deliver Malware Loader Targeting Linux and macOS Systems Mar 4, 2025
• North Korean APT Lazarus Targets Developers with Malicious npm Package Jan 29, 2025
• Gmail For Exfiltration: Malicious npm Packages Target Solana Private Keys and Drain Victims' Wallets Jan 8, 2025
• Weaponizing OAST: How Malicious Packages Exploit npm, PyPI, and RubyGems for Data Exfiltration and Recon Jan 3, 2025
• Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts Dec 20, 2024
• Skuld Infostealer Returns to npm with Fake Windows Utilities and Malicious Solara Development Packages Dec 18, 2024
• Roblox Developers Targeted with npm Packages Infected with Skuld Infostealer and Blank Grabber Nov 8, 2024
• Typosquatting on PyPI: Malicious Package Mimics Popular 'browser-cookie3' Library to Steal Sensitive Data Oct 11, 2024