Technology ❯ Cybersecurity ❯ Malware ❯ Supply Chain Attacks

npm Packages

Coordinated npm Attack Used GitHub Actions Flaws to Push Malicious TanStack Releases

The breach highlights weak points in GitHub Actions workflows that let attackers turn trusted builds into delivery channels.

Malware-Laced Updates Hit SAP-Linked npm Packages, Steal Developer and CI Secrets

Bitwarden CLI npm Release Briefly Backdoored in Supply-Chain Campaign

Axios npm Package Briefly Trojanized After Maintainer Account Takeover

Axios npm Package Hijacked to Drop RATs as Google Links Attack to UNC1069

npm Worm 'SANDWORM_MODE' Exposed Targeting Developer and CI Secrets Through Typosquatted Packages

Shai-Hulud npm Worm Exposes 25,000+ GitHub Repos Through Trojanized Packages

Researchers Uncover 'PhantomRaven' Campaign Flooding npm With 126 Credential-Stealing Packages

Shai-Hulud Worm Infects 187 npm Packages, Steals Secrets and Self‑Replicates via Stolen Tokens

Phished npm Maintainer’s Packages Used in Crypto-Clipping Attack as Rapid Takedown Limits Damage

LottieFiles Supply Chain Attack Drains Users' Crypto Wallets