Skip to main content

Tag: npm

116 articles

A laptop with a blank screen sits amidst scattered papers and generic development tools in a well-lit workspace.

IronWorm Malware Infects 36 npm Packages in Supply-Chain Attack

Meet IronWorm, a sneaky Rust-based infostealer that's infected 36 npm packages, putting a wide range of sensitive credentials and secrets at risk of being harvested. This stealthy malware operates undetected, targeting everything from AWS and OpenAI credentials to cryptocurrency wallet files.

Analyst 207
Laptop screen displays ominous code in dimly lit workspace.

Red Hat npm Scope Hijacked to Spread Cloud Credential Malware

In a shocking 72 seconds, an attacker hijacked Red Hat's npm scope to spread malware, publishing 32 malicious packages that racked up nearly 10 million downloads. The sneaky move exploited the trust developers have in Red Hat's official namespace, turning it into a conduit for cloud credential malware.

Analyst 207
Software development workspace with laptop and papers, subtle coding environment in background.

Red Hat npm Packages Compromised in Supply-Chain Attack

A recent supply-chain attack compromised 32 Red Hat npm packages, affecting 117,000 weekly downloads, after attackers backdoored 96 package versions under the @redhat-cloud-services namespace. The breach occurred when a Red Hat employee's GitHub account was compromised, allowing malicious commits to be pushed.

Analyst 207
Developer workstation with open laptop showing code, surrounded by empty coffee cups and scattered notes, hinting at a…

Miasma Supply Chain Attack Targets Red Hat npm Packages

A new supply-chain campaign, codenamed Miasma, has compromised multiple Red Hat npm packages to steal sensitive credentials and deliver a self-propagating worm, putting developer machines at risk. This sneaky attack uses clever tactics like install-time execution and encrypted exfiltration to harvest secrets and spread its reach.

Analyst 207
Developer workstation with laptop, terminal, and smartphone in a brightly-lit home office setting.

OpenAI Codex Tokens Exfiltrated in Malicious npm Supply Chain Attack

For a month, a malicious npm package called codexui-android secretly stole OpenAI Codex authentication tokens from over 29,000 weekly users, sending them to an attacker-controlled server. The package, masquerading as a remote web UI for OpenAI Codex, had gained user trust through active development before being compromised.

Analyst 207
Developer workspace with laptop, terminal, and notes, hint of cloud diagram in background.

Malicious npm Packages Target Cloud Credentials

Malicious actors are targeting cloud credentials by publishing fake npm packages that mimic popular projects, allowing them to infiltrate developer environments and gain access to sensitive AWS and Elastic credentials. In just four hours, a single attacker published 14 malicious packages using cleverly disguised names.

Analyst 207
Cluttered computer terminal room with cables and equipment, laptop in center, faint GitHub logo on blurred screen.

AI-Generated Malware Exposes Operator's GitHub Token

A malicious npm package, disguised as a harmless sync utility called "mouse5212-super-formatter", was downloaded 676 times before it was caught stealing sensitive data and exposing its creator's GitHub token. This AI-generated malware cleverly hid its true intentions, uploading stolen files to a fake repository and covering its tracks.

Analyst 207
Developer workstation with laptop and monitor displaying code, surrounded by notes and empty coffee cups, in a modern…

TrapDoor Attack Spreads Credential-Stealing Malware Across Software Ecosystems

A massive supply chain attack, dubbed TrapDoor, has been spreading credential-stealing malware across three major language ecosystems, infecting over 34 malicious packages and 384 versions. The coordinated campaign began on May 22, 2026, and continues to target developers with cleverly named packages related to cryptocurrency, DeFi, Solana, and AI.

Analyst 207
Developer interacts with laptop in bright office, emphasizing secure package management.

GitHub Enhances npm with 2FA-Gated Publishing to Thwart Supply Chain Attacks

GitHub's new staged publishing feature on npm adds an extra layer of security, requiring maintainers to approve package releases after completing a two-factor authentication challenge, effectively preventing unauthorized publishes and reducing the risk of supply chain attacks. This human gate ensures proof of presence for every package release, safeguarding the integrity of the npm ecosystem.

Analyst 207
Developer workstation with laptop and terminal screens near npm package repository, indicating a software development…

Grafana Breach Exposes Missed Security Step After TanStack Attack

A single misstep in Grafana's security protocol allowed attackers to gain access to its GitHub repositories, following a supply-chain incident involving malicious TanStack packages. A missed GitHub workflow token proved to be the key that enabled the breach.

Analyst 207
Cluttered coding workspace surrounds a laptop with a blurred webpage.

Typosquatting Evolves Into Supply Chain Threat

Typosquatting has morphed into a sinister supply chain threat, with attackers now embedding malicious lookalike domains within legitimate third-party scripts to intercept sensitive data. This alarming evolution has led to devastating attacks, such as the Trust Wallet compromise, where 2,500 wallets were drained in just 48 hours.

Analyst 207
Brightly-lit coding workstation with laptop, notes, and software materials scattered around.

Malware Campaign Compromises Hundreds of npm Packages

A new, highly aggressive malware campaign, linked to the notorious TeamPCP group, has infected hundreds of npm packages, putting countless environments at risk of exposure. If you're concerned about potential damage, take immediate action to rotate secrets, remove persistence artifacts, and review recent publish activity.

Analyst 207
Coding environment with lines of code on screen, surrounded by notes and diagrams.

Shai-Hulud Malware Targets 600 Npm Packages in Supply-Chain Attack

In a shocking supply-chain attack, malicious Shai-Hulud malware targeted a staggering 600 npm packages, with researchers uncovering nearly 640 tainted versions across 323 unique libraries in just one hour. The assault hit popular ecosystems like @antv and spread to widely-used packages, leaving a trail of poisoned code in its wake.

Analyst 207
Developer workstation in shared office with laptop and large monitor displaying signs of GitHub Actions shared-cache…

Shai-Hulud worm infects another npm package

A copycat of the notorious Shai-Hulud worm has struck again, infecting another npm package by exploiting a GitHub Actions misconfiguration. This latest attack follows a similar pattern that recently prompted TanStack to rethink its approach to accepting outside code contributions.

Analyst 207
Blurred computer screen amidst software development environment with hint of unease.

Shai-Hulud Malware Fuels npm Infostealer Campaign

Malicious actors have unleashed a new wave of chaos with the Shai-Hulud malware, using typosquatting tactics to spread four malicious npm packages that can steal sensitive info and wreak havoc on systems. The packages, published under the account deadcode09284814, masquerade as legitimate tools, but are actually designed to siphon off credentials, cloud configs, and more.

Analyst 207
Empty developer workstation with laptop and peripherals on a neutral background.

Developer Workstations Expose Software Supply Chain to Credential Theft

In a shocking 48-hour span, three separate cyber attacks hit major platforms, targeting sensitive secrets like API keys and cloud credentials from developer workstations and CI/CD pipelines. This new wave of supply chain threats reveals a disturbing trend: attackers are now focusing on harvesting credentials to compromise your entire software development process.

Analyst 207
Software development workspace with laptop, terminal windows, coding notes, and empty coffee cups in a neutral office…

Malicious npm Packages Deliver Infostealers and DDoS Malware

Researchers uncovered malicious npm packages, including one that was essentially a clone of the notorious Shai-Hulud worm, which was uploaded with its own command-and-control server and private key, ready to steal credentials and wreak havoc. This alarming discovery highlights the growing threat of malicious packages on npm.

Analyst 207
Developer installing software on laptop at cluttered desk with subtle signs of malware in the background.

Node-ipc Package Infected with Credential-Stealing Malware

A malicious update to the widely-used node-ipc library has infected thousands of projects with credential-stealing malware, posing a significant supply-chain risk for developer environments and CI systems. With over 690,000 weekly downloads, this single compromised library could be exfiltrating sensitive data from countless unsuspecting users.

Analyst 207
Developer workstation with npm package management software on laptop screen, surrounded by clutter, with cityscape visible…

OpenAI Disrupted in TanStack npm Supply Chain Breach

Malicious packages have rocked the TanStack npm supply chain, with 84 tainted versions of 42 @tanstack/* packages published, drawing OpenAI into the crisis and prompting urgent action to secure its systems. The AI company has confirmed that attackers compromised two employee devices, stealing credentials and forcing a reset across multiple desktop products.

Analyst 207
Dimly lit software development workspace with cluttered desk and turned-off laptop and monitor.

Malicious Node-IPC Versions Expose Developer Secrets to Stealer Backdoor

Three versions of the popular Node IPC package have been compromised with a stealthy backdoor that can steal sensitive developer secrets, sparking urgent concerns about supply-chain security. The malicious versions, published under a fake account, contain heavily obfuscated code that springs into action when the package is loaded at runtime.

Analyst 207
Cluttered software development workstation with laptop, monitor, and papers in an office environment.

OpenAI Breach Exposes Code-Signing Certificates in TanStack Supply Chain Attack

OpenAI revealed that two employee devices were compromised in a recent TanStack supply-chain attack, but fortunately, customer data, production systems, and intellectual property remained safe. The breach was limited to a small set of internal source code repositories and credentials.

Analyst 207
A cluttered tech workspace with a laptop and coding materials in a neutral-colored room.

Malware Worm Targets npm, PyPi in Mass Supply-Chain Attack

A self-spreading worm, dubbed Mini Shai-Hulud, has infected over 170 packages with nearly 180 million weekly downloads, posing a massive threat to the software supply chain. This highly contagious malware has been open-sourced, making it easier for others to exploit and escalate the attack.

Analyst 207
Developer workstation with laptop, coding environment, notes, and coffee cups, with daylight and cityscape in background.

Malware Targets TanStack npm Packages in Supply Chain Attack

Malware attackers have infiltrated the TanStack npm packages, modifying 84 artifacts in a supply chain attack that could compromise major developer ecosystems. The malicious code, aimed at stealing credentials, was published across 42 packages on May 11, with some, like @tanstack/react-router, downloaded over 12 million times weekly.

Analyst 207
Laptop workstation with blank screen, surrounded by papers and notes in a neutral-colored room.

TanStack npm packages compromised in cache-poisoning attack

Malicious attackers have launched a lightning-fast cache-poisoning attack on TanStack npm packages, flooding the supply chain with 84 tainted versions loaded with credential theft and disk-wiping code. This six-minute blitz highlights the vulnerability of software supply chains to swift and devastating strikes.

Analyst 207