Tag: package registry

2 articles

Developer workstation with laptop and subtle signs of supply chain breach.

Miasma Malware Targets npm, GitHub in Expanded Supply Chain Attack

Over 550 GitHub repositories have been compromised in a massive supply-chain attack, with malware harvesting developer credentials and spreading across package registries and workflows. The attack has already infected numerous npm packages and one Go module, putting developer data at risk.

Analyst 207Jun 26, 2026

Developer workspace with open laptop and blurred screen, surrounded by tech equipment.

GemStuffer Exploits RubyGems to Exfiltrate UK Council Data

Meet GemStuffer, a sneaky campaign that's hijacking the RubyGems registry to steal sensitive data, including information from a UK council, by hiding scraped content within seemingly harmless package files. Over 150 malicious gems have been used to store and exfiltrate this data, exposing it to anyone who knows where to look.

Analyst 207May 13, 2026