« Reports in 2026

414 reports

2026-06-17 • Microsoft

Sapphire Sleet compromised the Mastra npm ecosystem by taking over the `ehindero` maintainer account and injecting the malicious `easy-day-js` typosquat into more than 140 `mastra` and `@mastra` packages. The weaponized package ran a postinstall dropper t…

#SupplyChain #NPM #SapphireSleet #T1071.001 #T1195.002 #T1059.007 #T1027 #T1547.001 #T1059.001 #T1105 #T1055 #T1562.001 #T1543.003 #Mastra
2026-06-16 • NISOS

Nisos identified a DPRK state-sponsored employment fraud cell that submitted more than 170,000 job applications to US companies between December 2024 and September 2025, producing 76 employment offers across 22 operatives. The operation used appropriated …

#ITWorker #PiKVM #T1585
2026-06-15 • Roman

A developer-targeted LinkedIn recruiting lure sent the author to a public GitHub repository containing a hidden Node.js backdoor. The malicious code in `app/test/index.js` assembled `https://rest-icon-handler.store/icons/77` and was designed to execute wh…

#Phishing #GitHub #NPM
2026-06-14 • Genians

APT37 used Microsoft-themed spear phishing to deliver a ZIP archive containing a malicious LNK file that launched a PowerShell and batch-based infection chain. The chain installed an official embedded Python runtime, executed compiled Python bytecode disg…

#APT37 #LNK #T1059.003 #T1567.002 #T1113 #T1071.001 #T1497 #T1056.001 #T1027 #T1204.002 #T1566.001 #T1053.005 #T1059.001 #T1102 #T1497.001 #T1105 #T1123 #T1025 #NarwhalRAT