cb482791-4ef1-4762-96ad-b0ca4bdd538e
17 articles on OpenSourceMalware Blog
Appears on
Articles17
The OpenSourceMalware Show #12
Interview with Head of Security at Open VSX, plus new PolinRider research, and two security venders get in trouble with the community
TeamPCP Supply Chain Campaign: A March 2026 Retrospective
TeamPCP executed a cascading multi-phase supply chain attack that started with a single unrevoked credential stolen from Trivy's CI pipeline.
The Social Engineering Playbook Attackers Use to Target OSS Maintainers
Account takeovers are some of the most harmful malware campaigns. Many start by compromising a maintainer account through social engineering.
The OpenSourceMalware Show #1
TeamPCP compromises Bitwarden, npm lifecycle scripts, OWASP's npm security cheat sheet
The OpenSourceMalware Show #2
Lovable and Vercel security incidents, a crazy git push RCE exploit, EDR vs AI agents, and the Mini-Shai-Hulud attack
The OpenSourceMalware Show #3
git hook persistence, Antrea compromise, Dirty Frag, cPanel exploitation, interpreted language malware
The OpenSourceMalware Show #4
RubyGems bot attack, ShinyHunters ransom Canvas, and the latest on Mini Shai-Hulud.
How Malware Abuses NPM Lifecycle Scripts and VS Code Tasks
npm lifecycle scripts and VS Code tasks.json are productivity features that threat actors have learned to weaponize triggering malware
The OpenSourceMalware Show #5
npm staged publishing, DPRK's Axios-linked packages, TeamPCP's biggest npm maintainer compromise yet, and how a poisoned VS Code extension led to a GitHub emplo
The OpenSourceMalware Show #6
OSV false positives, Crowdstrike takedown of Glassworm infra, and MSFT nukes a researcher
The OpenSourceMalware Show #7
Miasma npm worm targets Red Hat via trusted publishing abuse, OpenSourceMalware 2026 threat data, and the gray-area Moika campaign.
The Software Supply Chain Malware Landscape: January - May 2026
We surfaced three trends about malware: npm and PyPI growing at similar rates, ATOs aren’t the only risk, and threat actors targeted non-developers.
Active Malware Campaigns in January-May 2026
We surfaced three trends about malware: npm and PyPI growing at similar rates, ATOs aren’t the only risk, and threat actors targeted non-developers.
The OpenSourceMalware Show #8
MSFT unpublished 73 repos, VS Code extension cooldowns, npm v12, Miasma open-sourced, and package firewalls
The OpenSourceMalware Show #9
Mastra compromise, agentjacking, and malware mythbusting
The OpenSourceMalware Show #10
Version sandwiching, blockchain C2 reuse, cross-ecosystem attacks, dynamic imports, and payload splitting
The OpenSourceMalware Show #11
NPM account lockout protection, GitHub Enterprise credential revocation, researcher-deployed malware, and an FBI notice on Team PCP
