Technology ❯ Software Development ❯ Package Management

npm

Malicious Packages Security Vulnerabilities Vulnerabilities Security Risks Dependency Management CLI Tools Trojanized Packages Credential Theft Security Issues Typosquatting

Bitwarden CLI Briefly Backdoored in npm Supply-Chain Attack

Researchers tie the breach to a wider campaign that hijacks CI pipelines to steal tokens.

Stories older than 24h

OpenAI Requires macOS App Updates After Axios Supply-Chain Compromise

Axios npm Package Briefly Trojanized After Maintainer Account Takeover

Axios npm Package Hijacked to Drop RATs as Google Links Attack to UNC1069

Researchers Link Iran-Targeted ‘CanisterWorm’ to Trivy Supply-Chain Breach

Trivy Supply-Chain Attack Poisons GitHub Action Tags to Steal CI/CD Secrets

npm Worm 'SANDWORM_MODE' Exposed Targeting Developer and CI Secrets Through Typosquatted Packages

Microsoft Removes 19 Malicious VS Code Extensions After Supply-Chain Campaign Exposed

Shai-Hulud 2.0 Exposes 400,000 Developer Secrets Across NPM and GitHub

Shai-Hulud npm Worm Exposes 25,000+ GitHub Repos Through Trojanized Packages

Self-Publishing 'IndonesianFoods' Worm Floods npm With More Than 100,000 Spam Packages

Researchers Uncover 'PhantomRaven' Campaign Flooding npm With 126 Credential-Stealing Packages

CERT Warns as Shai-Hulud npm Supply-Chain Attack Tops 500 Packages

GitHub Details Staged Overhaul of npm Publishing Security

Shai-Hulud Worm Infects 187 npm Packages, Steals Secrets and Self‑Replicates via Stolen Tokens

Phished npm Maintainer’s Packages Used in Crypto-Clipping Attack as Rapid Takedown Limits Damage

Malicious npm Packages Tap Ethereum Smart Contracts for Stealthy C2

PyPI Battles Live Phishing Campaign Exploiting Typosquatted Domain