T1608.001 21
- PyPI Package Impersonates SymPy to Deliver Cryptomining Malware
- Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
- Malicious NuGet Package Typosquats Popular .NET Tracing Library to Steal Wallet Passwords
- Inside the GitHub Infrastructure Powering North Korea's Contagious Interview npm Attacks
- North Korea's Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads
- Wallet-Draining npm Package Impersonates Nodemailer to Hijack Crypto Transactions
- Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials via Telegram
- 60 Malicious Ruby Gems Used in Targeted Credential Theft Campaign
- Surveillance Malware Hidden in npm and PyPI Packages Targets Developers with Keyloggers, Webcam Capture, and Credential Theft
- Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader
- Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages
- Monkey-Patched PyPI Packages Use Transitive Dependencies to Steal Solana Private Keys
- Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS
- The Bad Seeds: Malicious npm and PyPI Packages Pose as Developer Tools to Steal Wallet Credentials
- Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads
- Black Basta's Dependency Confusion Ambitions and Ransomware in Open Source Ecosystems
- Lazarus Strikes npm Again with New Wave of Malicious Packages
- Typosquatted Go Packages Deliver Malware Loader Targeting Linux and macOS Systems
- Malicious PyPI Package Exploits Deezer API for Coordinated Music Piracy
- Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence
- North Korean APT Lazarus Targets Developers with Malicious npm Package