Skip to main content

Tag: npm

116 articles

Cluttered tech workspace with laptop and development tools on a desk.

Mini Shai-Hulud Worm Targets Multiple AI, Dev Packages

Meet the Mini Shai-Hulud worm, a sneaky new malware that's infiltrating AI and development packages through a clever supply-chain attack. This malicious code can steal sensitive data from cloud providers, cryptocurrency wallets, and even popular dev tools like GitHub Actions.

Analyst 207
Modern workspace with a computer on a clutter-free desk, surrounded by minimal office decor.

Malware Worms Into SAP, Intercom and Lightning Developer Tools

Malicious actors struck SAP's JavaScript and cloud application development ecosystem on April 29, releasing poisoned versions of four widely-used npm packages that receive a staggering 572,000 weekly downloads. The compromised packages, which included mbt, @cap-js/db-service, @cap-js/postgres, and @cap-js/sqlite, were published in a brief window of just two hours.

Analyst 207
Software development workstation with code editor and blurred tools, hinting at supply chain logistics in background.

SAP npm Packages Compromised in Supply-Chain Attack

Security researchers have uncovered a supply-chain attack that compromised four official SAP npm packages, allowing attackers to extract sensitive secrets from CI runner memory. The affected packages, which support SAP's Cloud Applications, have been deprecated on NPM and users are urged to update to secure versions.

Analyst 207
Laptop screen displays lines of code on a modern office desk with blurred equipment in the background.

Supply-Chain Attacks Target Software Libraries

Supply-chain attacks are now using automation tools to spread malware at alarming speed, with recent incidents showing malicious code can go live in mere hours and be merged into projects in just minutes. This sinister trend highlights the dark side of modern software development's emphasis on speed and automation.

Analyst 207
Developer workstation with laptop and terminal, surrounded by notes and coffee cups, with a blurred cityscape in the…

Malware Targets Developers with Worm-Like Npm Supply Chain Attack

Malware is targeting developers through a sneaky npm supply chain attack, executing malicious code the moment a package is installed, and harvesting sensitive data to spread across ecosystems. Over 6,700 weekly downloads of one affected package show just how widespread the threat could be.

Analyst 207
A coding workstation with a laptop, development tools, and papers in a clean, neutral-colored room.

Bitwarden CLI npm package targeted in supply chain attack

Bitwarden swiftly contained a brief supply chain attack on its CLI npm package, confirming that a single malicious release was live for under two hours on April 22, 2026, and assuring users that their vault data remained safe. The incident was quickly remediated, with the compromised access revoked and the malicious release deprecated.

Analyst 207
Cluttered developer workstation with multiple monitors, laptop, and coding materials under bright fluorescent lighting.

npm Worm Targets Dev Environments, Exploits Supply Chain

A newly discovered npm malware attack has infected multiple packages, using sneaky tactics like install-time execution and credential theft to compromise developer environments and spread through the supply chain. This self-propagating malware strain appears to be targeting specialized developer workflows, putting a spotlight on vulnerabilities in the software development process.

Analyst 207
Shadowy figure in hoodie surrounded by screens and cables, coding on laptop with multiple terminals open.

North Korean Hackers Expand Malicious Package Reach Across Multiple Coding Ecosystems

Beware of the Trojan horse in your code: North Korean hackers have quietly infiltrated multiple package ecosystems, publishing around 1,700 malicious packages that masquerade as legitimate developer tools but act as malware loaders. This sneaky campaign, linked to the Contagious Interview group, puts developers and organizations relying on shared code on high alert.

Analyst 207
Shadowy figure lurks near laptop with tangled wires and broken padlock, amidst eerie city glow.

North Korea-linked actor compromises axios NPM package

A shocking discovery by Google Threat Intelligence Group has exposed a vulnerability in the popular axios NPM package, which has over 100 million weekly downloads, and has raised urgent questions about the trustworthiness of software supply chains. A malicious dependency was secretly introduced into axios releases, putting countless applications at risk.

Analyst 207
North Korean Hackers Target Axios Maintainer in Supply Chain Breach

North Korean Hackers Target Axios Maintainer in Supply Chain Breach

A shocking supply chain breach has been uncovered, where North Korean hackers launched a highly targeted social engineering campaign against the maintainer of the Axios npm package, successfully altering code relied upon by others. The attackers' tailored approach raises urgent questions about trust and vulnerability in open-source ecosystems.

Analyst 207
Hackers Compromise Axios Package to Spread RAT Malware

Hackers Compromise Axios Package to Spread RAT Malware

A recent breach of the popular Axios npm package has exposed a critical supply chain vulnerability: hackers hijacked a maintainer account to spread remote access trojans, putting thousands of applications and developers at risk.

Analyst 207
Google Links Axios npm Breach to North Korea's UNC1069 Group

Google Links Axios npm Breach to North Korea's UNC1069 Group

Google's threat intelligence team has linked a recent breach of the Axios npm package to UNC1069, a North Korean hacking group motivated by financial gain. This alarming discovery highlights the vulnerability of the software supply chain to state-linked cybercrime.

Analyst 207
Anthropic Confirms Claude Code Source Leaked via npm Error

Anthropic Confirms Claude Code Source Leaked via npm Error

A recent mishap at Anthropic led to the public leak of internal code for its AI coding assistant, Claude Code, due to a simple human error during the npm packaging process. Fortunately, the company confirmed that no sensitive customer data was exposed, and swift action can mitigate the impact of this isolated incident.

Analyst 207
Anthropic Exposes Closed-Source Code in NPM Package Leak

Anthropic Exposes Closed-Source Code in NPM Package Leak

A single character typo in a package manifest led to a major oops for Anthropic, the creators of Claude AI, as they accidentally leaked the source code for their closed-source language model, Claude Code. Fortunately, the company quickly acknowledged the mistake and assured that no customer data or credentials were compromised.

Analyst 207
Malware Alert: Critical Axios NPM Hack Spreads Devastating Cross-Platform Threats

Malware Alert: Critical Axios NPM Hack Spreads Devastating Cross-Platform Threats

A critical security breach has hit Axios, a widely-used JavaScript library with over 100 million weekly downloads, leaving developers and users vulnerable to devastating cross-platform threats. This shocking incident raises a crucial question: can even the most trusted software sources be considered secure?

Analyst 207
Axios Backdoor: Critical npm Supply Chain Attack Unleashes Devastating RAT Malware

Axios Backdoor: Critical npm Supply Chain Attack Unleashes Devastating RAT Malware

A single compromised account has triggered a critical supply chain attack on Axios, a widely-used JavaScript library, unleashing devastating RAT malware and putting millions of developers worldwide at risk. This shocking breach highlights the urgent need for more stringent security measures to protect our global software ecosystem.

Analyst 207
Axios Hit by Critical Supply Chain Attack

Axios Hit by Critical Supply Chain Attack

A critical supply chain attack has hit Axios, a popular HTTP client, compromising the integrity of its npm package and raising fresh concerns about the security of our digital infrastructure. Malicious versions of the Axios package were published, injecting a fake dependency that put users at risk.

Analyst 207
Shai-Hulud-Like Worm: Exclusive Critical npm Threat

Shai-Hulud-Like Worm: Exclusive Critical npm Threat

What if the npm packages you trust were actually malicious? Researchers uncovered a Shai‑Hulud‑like, self‑replicating worm hidden in npm packages that runs at install time to steal developer and CI secrets, hijack AI tooling, and spread across the registry.

Analyst 207
Malware Stunningly Evades AI in Critical npm Breach

Malware Stunningly Evades AI in Critical npm Breach

Think your npm packages are safe? Researchers found a malicious npm package that talks to a remote AI-like controller, adapting at runtime to dodge scanners and quietly steal valuable data.

Analyst 207
Shai-Hulud v2 Exclusive: Dangerous Spread Exposes Secrets

Shai-Hulud v2 Exclusive: Dangerous Spread Exposes Secrets

Shai‑Hulud’s second wave has jumped from npm into Maven, turning trusted packages into a secret‑stealing worm that probes CI and environment tokens and self‑replicates through dependencies. If you build or secure software, now’s the moment to rotate credentials, harden pipelines, and vet every dependency.

Analyst 207
New npm Malware Campaign Exclusive: Severe Crypto Redirects

New npm Malware Campaign Exclusive: Severe Crypto Redirects

When the libraries you trust become trapdoors, developers are in for a rude awakening: a new npm malware campaign by dino_reborn hides in seven packages and uses cloaking and fake CAPTCHAs to selectively redirect victims to cryptocurrency phishing flows. This supply‑chain‑style attack evades scanners by activating only under certain conditions, turning convenience into a costly risk.

Analyst 207
Invisible npm malware: Exclusive, Dangerous Token Theft

Invisible npm malware: Exclusive, Dangerous Token Theft

PhantomRaven quietly slipped into the npm registry, turning routine installs into token theft by harvesting credentials during install and letting attackers publish malicious updates without touching your code. One stolen token can cascade through thousands of projects—here’s why supply‑chain hygiene and MFA matter now.

Analyst 207
Npm Malware: Shocking Invisible Dependencies Are Dangerous

Npm Malware: Shocking Invisible Dependencies Are Dangerous

Think your npm packages are safe? Recent attacks that slipped malicious code into 126 npm packages — roughly 86,000 downloads — show how invisible dependency changes can cascade into thousands of projects, so token hygiene, 2FA and publish provenance matter more than ever.

Analyst 207
Massive tangled worm emerges from cracked package box amidst shattered screens and wires, with ominous cityscape looming in…

Self-Replicating Worm: Stunning Threat Hits 180+ Packages

A stark wake-up call: a self-replicating worm has infected 187+ NPM packages, stealing and publicly exposing developer tokens during installs. By weaponizing automated installs and transitive dependencies, it turns every npm install into a potential propagation engine.

Analyst 207