The OpenSourceMalware Show #10
ID: b71401f5-906e-548a-aacf-ee81f00c17dc
STIX ID: report--b71401f5-906e-548a-aacf-ee81f00c17dc
Feed Name: OpenSourceMalware Blog
Date Published: 2026-06-25
Date Updated: 2026-07-02
Author: cb482791-4ef1-4762-96ad-b0ca4bdd538e
This podcast episode summarizes current software supply chain threats, highlighting DPRK Lazarus Group activity (version "sandwiching" to hide malicious versions, reuse of Aptos/Tron/BSC memos as mutable C2, and embedded human-readable campaign tags) and general trends including cross-ecosystem malicious packages (npm/PyPI/VS Code), dynamic imports from external URLs that evade package managers and firewalls, clustered packages with single payload providers, and payload splitting across files or packages—providing defenders with observable TTPs and examples to inform detection and hunting.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
