Tag: npm
116 articles

Mini Shai-Hulud Worm Targets Multiple AI, Dev Packages
Meet the Mini Shai-Hulud worm, a sneaky new malware that's infiltrating AI and development packages through a clever supply-chain attack. This malicious code can steal sensitive data from cloud providers, cryptocurrency wallets, and even popular dev tools like GitHub Actions.

Malware Worms Into SAP, Intercom and Lightning Developer Tools
Malicious actors struck SAP's JavaScript and cloud application development ecosystem on April 29, releasing poisoned versions of four widely-used npm packages that receive a staggering 572,000 weekly downloads. The compromised packages, which included mbt, @cap-js/db-service, @cap-js/postgres, and @cap-js/sqlite, were published in a brief window of just two hours.

SAP npm Packages Compromised in Supply-Chain Attack
Security researchers have uncovered a supply-chain attack that compromised four official SAP npm packages, allowing attackers to extract sensitive secrets from CI runner memory. The affected packages, which support SAP's Cloud Applications, have been deprecated on NPM and users are urged to update to secure versions.

Supply-Chain Attacks Target Software Libraries
Supply-chain attacks are now using automation tools to spread malware at alarming speed, with recent incidents showing malicious code can go live in mere hours and be merged into projects in just minutes. This sinister trend highlights the dark side of modern software development's emphasis on speed and automation.

Malware Targets Developers with Worm-Like Npm Supply Chain Attack
Malware is targeting developers through a sneaky npm supply chain attack, executing malicious code the moment a package is installed, and harvesting sensitive data to spread across ecosystems. Over 6,700 weekly downloads of one affected package show just how widespread the threat could be.

Bitwarden CLI npm package targeted in supply chain attack
Bitwarden swiftly contained a brief supply chain attack on its CLI npm package, confirming that a single malicious release was live for under two hours on April 22, 2026, and assuring users that their vault data remained safe. The incident was quickly remediated, with the compromised access revoked and the malicious release deprecated.

npm Worm Targets Dev Environments, Exploits Supply Chain
A newly discovered npm malware attack has infected multiple packages, using sneaky tactics like install-time execution and credential theft to compromise developer environments and spread through the supply chain. This self-propagating malware strain appears to be targeting specialized developer workflows, putting a spotlight on vulnerabilities in the software development process.

North Korean Hackers Expand Malicious Package Reach Across Multiple Coding Ecosystems
Beware of the Trojan horse in your code: North Korean hackers have quietly infiltrated multiple package ecosystems, publishing around 1,700 malicious packages that masquerade as legitimate developer tools but act as malware loaders. This sneaky campaign, linked to the Contagious Interview group, puts developers and organizations relying on shared code on high alert.

North Korea-linked actor compromises axios NPM package
A shocking discovery by Google Threat Intelligence Group has exposed a vulnerability in the popular axios NPM package, which has over 100 million weekly downloads, and has raised urgent questions about the trustworthiness of software supply chains. A malicious dependency was secretly introduced into axios releases, putting countless applications at risk.

North Korean Hackers Target Axios Maintainer in Supply Chain Breach
A shocking supply chain breach has been uncovered, where North Korean hackers launched a highly targeted social engineering campaign against the maintainer of the Axios npm package, successfully altering code relied upon by others. The attackers' tailored approach raises urgent questions about trust and vulnerability in open-source ecosystems.

Hackers Compromise Axios Package to Spread RAT Malware
A recent breach of the popular Axios npm package has exposed a critical supply chain vulnerability: hackers hijacked a maintainer account to spread remote access trojans, putting thousands of applications and developers at risk.

Google Links Axios npm Breach to North Korea's UNC1069 Group
Google's threat intelligence team has linked a recent breach of the Axios npm package to UNC1069, a North Korean hacking group motivated by financial gain. This alarming discovery highlights the vulnerability of the software supply chain to state-linked cybercrime.

Anthropic Confirms Claude Code Source Leaked via npm Error
A recent mishap at Anthropic led to the public leak of internal code for its AI coding assistant, Claude Code, due to a simple human error during the npm packaging process. Fortunately, the company confirmed that no sensitive customer data was exposed, and swift action can mitigate the impact of this isolated incident.

Anthropic Exposes Closed-Source Code in NPM Package Leak
A single character typo in a package manifest led to a major oops for Anthropic, the creators of Claude AI, as they accidentally leaked the source code for their closed-source language model, Claude Code. Fortunately, the company quickly acknowledged the mistake and assured that no customer data or credentials were compromised.

Malware Alert: Critical Axios NPM Hack Spreads Devastating Cross-Platform Threats
A critical security breach has hit Axios, a widely-used JavaScript library with over 100 million weekly downloads, leaving developers and users vulnerable to devastating cross-platform threats. This shocking incident raises a crucial question: can even the most trusted software sources be considered secure?

Axios Backdoor: Critical npm Supply Chain Attack Unleashes Devastating RAT Malware
A single compromised account has triggered a critical supply chain attack on Axios, a widely-used JavaScript library, unleashing devastating RAT malware and putting millions of developers worldwide at risk. This shocking breach highlights the urgent need for more stringent security measures to protect our global software ecosystem.

Axios Hit by Critical Supply Chain Attack
A critical supply chain attack has hit Axios, a popular HTTP client, compromising the integrity of its npm package and raising fresh concerns about the security of our digital infrastructure. Malicious versions of the Axios package were published, injecting a fake dependency that put users at risk.

Shai-Hulud-Like Worm: Exclusive Critical npm Threat
What if the npm packages you trust were actually malicious? Researchers uncovered a Shai‑Hulud‑like, self‑replicating worm hidden in npm packages that runs at install time to steal developer and CI secrets, hijack AI tooling, and spread across the registry.

Malware Stunningly Evades AI in Critical npm Breach
Think your npm packages are safe? Researchers found a malicious npm package that talks to a remote AI-like controller, adapting at runtime to dodge scanners and quietly steal valuable data.

Shai-Hulud v2 Exclusive: Dangerous Spread Exposes Secrets
Shai‑Hulud’s second wave has jumped from npm into Maven, turning trusted packages into a secret‑stealing worm that probes CI and environment tokens and self‑replicates through dependencies. If you build or secure software, now’s the moment to rotate credentials, harden pipelines, and vet every dependency.

New npm Malware Campaign Exclusive: Severe Crypto Redirects
When the libraries you trust become trapdoors, developers are in for a rude awakening: a new npm malware campaign by dino_reborn hides in seven packages and uses cloaking and fake CAPTCHAs to selectively redirect victims to cryptocurrency phishing flows. This supply‑chain‑style attack evades scanners by activating only under certain conditions, turning convenience into a costly risk.

Invisible npm malware: Exclusive, Dangerous Token Theft
PhantomRaven quietly slipped into the npm registry, turning routine installs into token theft by harvesting credentials during install and letting attackers publish malicious updates without touching your code. One stolen token can cascade through thousands of projects—here’s why supply‑chain hygiene and MFA matter now.

Npm Malware: Shocking Invisible Dependencies Are Dangerous
Think your npm packages are safe? Recent attacks that slipped malicious code into 126 npm packages — roughly 86,000 downloads — show how invisible dependency changes can cascade into thousands of projects, so token hygiene, 2FA and publish provenance matter more than ever.

Self-Replicating Worm: Stunning Threat Hits 180+ Packages
A stark wake-up call: a self-replicating worm has infected 187+ NPM packages, stealing and publicly exposing developer tokens during installs. By weaponizing automated installs and transitive dependencies, it turns every npm install into a potential propagation engine.