The OpenSourceMalware Show #11
ID: d825a2c3-357a-5429-a186-7765149af906
STIX ID: report--d825a2c3-357a-5429-a186-7765149af906
Feed Name: OpenSourceMalware Blog
Date Published: 2026-07-02
Date Updated: 2026-07-03
Author: cb482791-4ef1-4762-96ad-b0ca4bdd538e
**Executive summary:** The OpenSourceMalware show covers recent supply-chain and credential risks: NPM introduced a 72-hour read-only lock for high-impact accounts and GitHub Enterprise added credential revocation tools; a researcher-published set of npm packages were found to act as info-stealers targeting AI companies (exfiltrating .git and .ssh data without direct credentials); and the FBI issued a FLASH on TeamPCP with IOCs and behaviour notes—overall a situational intelligence roundup highlighting active but not widespread exploitation.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
