OpenSourceMalware Blog
https://opensourcemalware.com/blog
Security research and threat intelligence from OpenSourceMalware
en-us
Mon, 16 Mar 2026 00:00:00 GMT

Four Arms, One Monster: GlassWorm Invades GitHub, NPM, VS Code and PyPI
https://opensourcemalware.com/blog/four-arms-one-monster
Multiple security researchers identify new Glassworm attacks that have compromised 430+ GitHub projects and attacked PyPI, NPM and the VS Code marketplace
Mon, 16 Mar 2026 00:00:00 GMT
6mile

XPACK ATTACK: Cryptocurrency Extortion Disguised as NPM Package Monetization
https://opensourcemalware.com/blog/xpack-attack
A new NPM malware campaign extorts crypto payments from developers during package installation
Sun, 09 Feb 2026 00:00:00 GMT
6mile

Malicious ClawHub Skills Use External Websites to Hide in Plain Sight (and bypass VirusTotal)
https://opensourcemalware.com/blog/malicious-clawhub-skills-hide-in-plain-sight
Threat actors have evolved their ClawHub attack strategy by moving payloads to a convincing fake website, flooding the registry with 40+ trojanized skills that redirect victims to download malware.
Sun, 09 Feb 2026 00:00:00 GMT
6mile

ClawdBot Skills Just Ganked Your Crypto
https://opensourcemalware.com/blog/clawdbot-skills-ganked-your-crypto
14 malicious skills targeting Claude Code and Moltbot users were published to ClawdHub delivering information-stealing malware to macOS and Windows systems
Sat, 01 Feb 2026 00:00:00 GMT
6mile

Small Open-Source Maintainers Targeted by VS Code Tasks Malware
https://opensourcemalware.com/blog/oss-maintainters-vscode-tasks-compromised
At least 21 small OSS maintainers hit in 72 hours via malicious VS Code task configurations
Mon, 26 Jan 2026 00:00:00 GMT
6mile

The DPRK Strikes Again! "Fake Font" Is Latest Threat To Leverage VS Code Tasks
https://opensourcemalware.com/blog/contagious-code-fake-font
North Korean threat actors create new version of "Contagious Interview" that uses VS Code tasks to launch malware hiding in fake fonts
Wed, 28 Jan 2026 00:00:00 GMT
Paul McCarty

Elf-Stats NPM Christmas Spam Campaign
https://opensourcemalware.com/blog/elf-stats-spam-campaign
In the last couple hours a new spam campaign has hit NPM. There are currently 40 packages in the campaign and the malware claims to generate a new package every two minutes.
Wed, 03 Dec 2025 00:00:00 GMT
6mile

Latest Contagious Interview malware campaign abuses Microsoft VSCode Tasks
https://opensourcemalware.com/blog/contagious-interview-vscode
The OSM team analyzes a new version of the North Korean DPRK Contagious Interview campaign that uses Microsoft Visual Studio Code tasks files for infection and persistence.
Sat, 29 Nov 2025 00:00:00 GMT
6mile

IndonesianFoods Worm: 86,000+ Malicious NPM Packages
https://opensourcemalware.com/blog/indonesianfoods-npm-worm
An in-depth analysis of the IndonesianFoods worm, a coordinated attack that published over 86,500 malicious packages to the NPM registry, affecting 60 NPM users and more than doubling the known number of malicious NPM packages.
Thu, 13 Nov 2025 00:00:00 GMT
Paul McCarty

Security Best Practices for Package Management
https://opensourcemalware.com/blog/security-best-practices
Essential security practices every developer should follow to protect their projects from malicious dependencies.
Thu, 25 Jan 2024 00:00:00 GMT
DevSec Team

Understanding Software Supply Chain Attacks
https://opensourcemalware.com/blog/supply-chain-attacks
A deep dive into how attackers compromise open source packages and what you can do to protect your projects.
Sat, 20 Jan 2024 00:00:00 GMT
Security Research Team

Getting Started with OpenSource Malware
https://opensourcemalware.com/blog/getting-started
Learn how to contribute to the OpenSource Malware community and help protect the software supply chain from malicious packages.
Mon, 15 Jan 2024 00:00:00 GMT
OpenSource Malware Team