Tag: package compromise
8 articles

Mastra Packages Compromised in Software Supply Chain Attack
A massive software supply chain attack just hit Mastra, with over 140 malicious packages published in a single day by a compromised npm account. The swift and coordinated assault, dubbed easy-day-js, unfolded over just two days, catching defenders scrambling to respond.

Arch Linux Cracks Down on Malicious Commits in User Repository
Malicious hackers have launched a massive assault on the Arch User Repository, compromising over 1,500 user-submitted packages and forcing the Arch Linux team to temporarily halt new account signups to contain the damage. The attack has been mitigated, but not before highlighting the vulnerability of community-run package repositories.

Red Hat npm Packages Compromised in Supply-Chain Attack
A recent supply-chain attack compromised 32 Red Hat npm packages, affecting 117,000 weekly downloads, after attackers backdoored 96 package versions under the @redhat-cloud-services namespace. The breach occurred when a Red Hat employee's GitHub account was compromised, allowing malicious commits to be pushed.

TanStack npm packages compromised in cache-poisoning attack
Malicious attackers have launched a lightning-fast cache-poisoning attack on TanStack npm packages, flooding the supply chain with 84 tainted versions loaded with credential theft and disk-wiping code. This six-minute blitz highlights the vulnerability of software supply chains to swift and devastating strikes.

Malware Worms Into SAP, Intercom and Lightning Developer Tools
Malicious actors struck SAP's JavaScript and cloud application development ecosystem on April 29, releasing poisoned versions of four widely-used npm packages that receive a staggering 572,000 weekly downloads. The compromised packages, which included mbt, @cap-js/db-service, @cap-js/postgres, and @cap-js/sqlite, were published in a brief window of just two hours.

SAP npm Packages Compromised in Supply-Chain Attack
Security researchers have uncovered a supply-chain attack that compromised four official SAP npm packages, allowing attackers to extract sensitive secrets from CI runner memory. The affected packages, which support SAP's Cloud Applications, have been deprecated on NPM and users are urged to update to secure versions.

Bitwarden CLI npm package targeted in supply chain attack
Bitwarden swiftly contained a brief supply chain attack on its CLI npm package, confirming that a single malicious release was live for under two hours on April 22, 2026, and assuring users that their vault data remained safe. The incident was quickly remediated, with the compromised access revoked and the malicious release deprecated.

Malware Worm Exploits npm Packages to Hijack Developer Tokens
Meet CanisterSprawl, a sneaky self-propagating worm that's compromising npm packages and using stolen developer tokens to spread its reach. This malware goes beyond just stealing credentials, turning one infected environment into a web of additional package compromises.