T1656 7

• Fake imToken Chrome Extension Steals Seed Phrases via Phishing Redirects Mar 5, 2026
• Malicious Go "crypto" Module Steals Passwords and Deploys Rekoobe Backdoor Feb 26, 2026
• PyPI Package Impersonates SymPy to Deliver Cryptomining Malware Jan 21, 2026
• Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations Dec 23, 2025
• Malicious NuGet Package Typosquats Popular .NET Tracing Library to Steal Wallet Passwords Dec 15, 2025
• Malicious Go Packages Impersonate Google's UUID Library and Exfiltrate Data Dec 5, 2025
• Inside the GitHub Infrastructure Powering North Korea's Contagious Interview npm Attacks Nov 26, 2025