All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

cb482791-4ef1-4762-96ad-b0ca4bdd538e

17 articles found across 1 feed

Appears on

Articles17

The OpenSourceMalware Show #12

Interview with Head of Security at Open VSX, plus new PolinRider research, and two security venders get in trouble with the community

0
OpenSourceMalware Blog5h ago

TeamPCP Supply Chain Campaign: A March 2026 Retrospective

TeamPCP executed a cascading multi-phase supply chain attack that started with a single unrevoked credential stolen from Trivy's CI pipeline.

0
OpenSourceMalware Blog3mo ago

The Social Engineering Playbook Attackers Use to Target OSS Maintainers

Account takeovers are some of the most harmful malware campaigns. Many start by compromising a maintainer account through social engineering.

0
OpenSourceMalware Blog3mo ago

The OpenSourceMalware Show #1

TeamPCP compromises Bitwarden, npm lifecycle scripts, OWASP's npm security cheat sheet

0
OpenSourceMalware Blog2mo ago

The OpenSourceMalware Show #2

Lovable and Vercel security incidents, a crazy git push RCE exploit, EDR vs AI agents, and the Mini-Shai-Hulud attack

0
OpenSourceMalware Blog2mo ago

The OpenSourceMalware Show #3

git hook persistence, Antrea compromise, Dirty Frag, cPanel exploitation, interpreted language malware

0
OpenSourceMalware Blog2mo ago

The OpenSourceMalware Show #4

RubyGems bot attack, ShinyHunters ransom Canvas, and the latest on Mini Shai-Hulud.

0
OpenSourceMalware Blog1mo ago

How Malware Abuses NPM Lifecycle Scripts and VS Code Tasks

npm lifecycle scripts and VS Code tasks.json are productivity features that threat actors have learned to weaponize triggering malware

0
OpenSourceMalware Blog1mo ago

The OpenSourceMalware Show #5

npm staged publishing, DPRK's Axios-linked packages, TeamPCP's biggest npm maintainer compromise yet, and how a poisoned VS Code extension led to a GitHub emplo

0
OpenSourceMalware Blog1mo ago

The OpenSourceMalware Show #6

OSV false positives, Crowdstrike takedown of Glassworm infra, and MSFT nukes a researcher

0
OpenSourceMalware Blog1mo ago

The OpenSourceMalware Show #7

Miasma npm worm targets Red Hat via trusted publishing abuse, OpenSourceMalware 2026 threat data, and the gray-area Moika campaign.

0
OpenSourceMalware Blog1mo ago

The Software Supply Chain Malware Landscape: January - May 2026

We surfaced three trends about malware: npm and PyPI growing at similar rates, ATOs aren’t the only risk, and threat actors targeted non-developers.

0
OpenSourceMalware Blog1mo ago

Active Malware Campaigns in January-May 2026

We surfaced three trends about malware: npm and PyPI growing at similar rates, ATOs aren’t the only risk, and threat actors targeted non-developers.

0
OpenSourceMalware Blog1mo ago

The OpenSourceMalware Show #8

MSFT unpublished 73 repos, VS Code extension cooldowns, npm v12, Miasma open-sourced, and package firewalls

0
OpenSourceMalware Blog28d ago

The OpenSourceMalware Show #9

Mastra compromise, agentjacking, and malware mythbusting

0
OpenSourceMalware Blog21d ago

The OpenSourceMalware Show #10

Version sandwiching, blockchain C2 reuse, cross-ecosystem attacks, dynamic imports, and payload splitting

0
OpenSourceMalware Blog14d ago

The OpenSourceMalware Show #11

NPM account lockout protection, GitHub Enterprise credential revocation, researcher-deployed malware, and an FBI notice on Team PCP

0
OpenSourceMalware Blog7d ago
cb482791-4ef1-4762-96ad-b0ca4bdd538e: Articles | FeedBagel