logo

The OpenSourceMalware Show #11

ID: d825a2c3-357a-5429-a186-7765149af906

STIX ID: report--d825a2c3-357a-5429-a186-7765149af906

Feed Name: OpenSourceMalware Blog

Threat Score
55/100

Date Published: 2026-07-02

Date Updated: 2026-07-03

Author: cb482791-4ef1-4762-96ad-b0ca4bdd538e

...
...

**Executive summary:** The OpenSourceMalware show covers recent supply-chain and credential risks: NPM introduced a 72-hour read-only lock for high-impact accounts and GitHub Enterprise added credential revocation tools; a researcher-published set of npm packages were found to act as info-stealers targeting AI companies (exfiltrating .git and .ssh data without direct credentials); and the FBI issued a FLASH on TeamPCP with IOCs and behaviour notes—overall a situational intelligence roundup highlighting active but not widespread exploitation.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.