OpenSourceMalware Blog
ID: a33ff194-0219-5a2f-8d57-900cc8675349
STIX ID: identity--a33ff194-0219-5a2f-8d57-900cc8675349
Feed Type: rss
Earliest post: 2024-01-15
Latest post: 2026-11-20
In-depth malware research, threat analysis, and technical dissections of malicious code — focused on open-source investigations, reverse engineering breakdowns, and actionable insights for defenders.
All
01/01/2020
07/14/2026
| Title | Date Published ↓ | Describes Incident | Author | Visible | |||
|---|---|---|---|---|---|---|---|
| The OpenSourceMalware Show #11 | 2026-07-02 | True | cb482791-4ef1-4762-96ad-b0ca4bdd538e | True | |||
| The OpenSourceMalware Show #10 | 2026-06-25 | True | cb482791-4ef1-4762-96ad-b0ca4bdd538e | True | |||
| The OpenSourceMalware Show: #9 | 2026-06-18 | True | cb482791-4ef1-4762-96ad-b0ca4bdd538e | True | |||
| Active Malware Campaigns in January-May 2026 | 2026-06-08 | True | cb482791-4ef1-4762-96ad-b0ca4bdd538e | True | |||
| Miasma Blight Reaches Microsoft: 73 Repos Disabled in 105 Seconds | 2026-06-06 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True | |||
| The Software Supply Chain Malware Landscape: January - May 2026 | 2026-06-03 | True | cb482791-4ef1-4762-96ad-b0ca4bdd538e | True | |||
| TeamPCP Compromises AntV and 322 Other NPM Packages | 2026-05-20 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True | |||
| Axios Attacker Behind Three More Malicious NPM Packages | 2026-05-19 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True | |||
| How Malware Abuses NPM Lifecycle Scripts and VS Code Tasks | 2026-05-14 | True | cb482791-4ef1-4762-96ad-b0ca4bdd538e | True | |||
| TeamPCP Hits TanStack, OpenSearch, and Mistral with Mini Shai-Hulud | 2026-05-13 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True | |||
| Lazarus Group Using Git Hooks To Hide Malware | 2026-05-06 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True | |||
| CNCF Project Antrea Compromised in Daring GitHub Attack | 2026-05-05 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True | |||
| Mini Shai-Hulud Weaponizes Tasks.JSON Files | 2026-04-30 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True | |||
| Security Anti-Patterns Caused by AI Coding Tools | 2026-04-26 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True | |||
| Stardrop Supply Chain Attack Targets Venture Capital Firms, Luxury Brands, and AI Companies | 2026-04-14 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True | |||
| PolinRider DPRK Attack Expands Across GitHub | 2026-04-12 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True | |||
| Velora (formerly ParaSwap) SDK Version 9.4.1 Compromised And Installing Malware | 2026-04-08 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True | |||
| The Social Engineering Playbook Attackers Use to Target OSS Maintainers | 2026-04-01 | True | cb482791-4ef1-4762-96ad-b0ca4bdd538e | True | |||
| Has TeamPCP Pivoted To Using The PureHVNC RAT? | 2026-03-31 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True | |||
| TasksJacker DPRK Attack Compromises GitHub Users Via VS Code Tasks | 2026-03-31 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True | |||
| Malicious Transitive Dependency in Axios Affects Millions of Users | 2026-03-31 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True | |||
| TeamPCP Supply Chain Campaign: A March 2026 Retrospective | 2026-03-26 | True | cb482791-4ef1-4762-96ad-b0ca4bdd538e | True | |||
| TeamPCP Hijacks LiteLLM's PyPI Package | 2026-03-25 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True | |||
| TeamPCP Defaces Aqua Security’s Internal GitHub Org | 2026-03-23 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True | |||
| GlassWorm Invades GitHub, NPM, VS Code, and Python | 2026-03-16 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True | |||
| Neutralinojs Compromised In DPRK Attack | 2026-03-06 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True | |||
| XPACK Malware Disguises Cryptocurrency Extortion as NPM Package Monetization | 2026-02-09 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True | |||
| Malicious ClawHub Skills Use External Websites to Hide in Plain Sight | 2026-02-09 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True | |||
| Malicious ClawHub Skills Target OpenClaw Users | 2026-02-01 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True | |||
| DPRK Contagious Interview “Fake Font” Abuses VS Code Tasks | 2026-01-28 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True | |||
| Small Open-Source Maintainers Targeted by VS Code Tasks Malware | 2026-01-26 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True | |||
| A Comprehensive Analysis of DPRK's Contagious Interview | 2026-01-20 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True | |||
| DPRK Malware Hiding in Microsoft VSCode Dictionary Files | 2025-12-23 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True | |||
| Elf-Stats NPM Christmas Spam Campaign | 2025-12-03 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True | |||
| DPRK Contagious Interview Malware Weaponizes Microsoft VSCode Tasks | 2025-11-29 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True | |||
| IndonesianFoods Worm Publishes 86,000+ Malicious NPM Packages | 2025-11-13 | True | c0a15726-c5b1-4b0d-85e6-fe15553df9e2 | True |
