Supply Chain Security: North Korean Hackers Blamed for Mastra NPM Supply Chain Attack
A malicious dependency the attackers added to over 140 Mastra packages fetches a payload targeting cryptocurrency extensions.
Ionut Arghire, 5 days ago

Malware & Threats: Atomic Arch Supply Chain Attack Hits 1,500 AUR Packages
Arch Linux suspended account registrations in response to the wave of malicious packages being uploaded to AUR.
Ionut Arghire, June 16, 2026

Supply Chain Security: NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks
By default, npm install will no longer execute scripts from dependencies, unless explicitly allowed.
Ionut Arghire, June 13, 2026

Malware & Threats: Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks
The most recent variants of the self-propagating attacks are named Miasma and Hades.
Ionut Arghire, June 9, 2026

Supply Chain Security: Supply Chain Attack Hits 32 Red Hat NPM Packages
Hackers published 96 malicious package versions, injected with a credential-stealing worm similar to Mini Shai-Hulud.
Ionut Arghire, June 2, 2026

Supply Chain Security: 1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom
The compromised Lightning and Intercom packages have a combined monthly download count of nearly 10 million.
Ionut Arghire, May 1, 2026

Malware & Threats: SAP NPM Packages Targeted in Supply Chain Attack
The Mini Shai-Hulud attack introduced a preinstall hook to fetch and execute a Bun binary and bypass security monitoring.
Ionut Arghire, April 30, 2026

Supply Chain Security: Bitwarden NPM Package Hit in Supply Chain Attack
Tied to a fresh Checkmarx supply chain attack claimed by TeamPCP, the incident references the Shai-Hulud worm.
Ionut Arghire, April 24, 2026

Malware & Threats: Guardarian Users Targeted With Malicious Strapi NPM Packages
Hackers published 36 NPM packages posing as Strapi plugins to execute shells, escape containers, and harvest credentials.
Ionut Arghire, April 6, 2026

Application Security: Axios NPM Package Breached in North Korean Supply Chain Attack
A long-lived NPM access token was used to bypass the GitHub Actions OIDC-based CI/CD publishing workflow and push backdoored package versions.
Ionut Arghire, April 1, 2026

Application Security: From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI
The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.
Ionut Arghire, March 25, 2026

Malware & Threats: New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM
The malicious code propagates like a worm, poisons AI assistants, exfiltrates secrets, and contains a destructive dead switch.
Ionut Arghire, February 24, 2026

Supply Chain Security: ‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks
The protections against NPM supply chain attacks could be bypassed, leading to arbitrary code execution.
Ionut Arghire, January 27, 2026

Vulnerabilities: Critical Vulnerability Patched in jsPDF
The bug can allow attackers to read arbitrary files from the system, potentially exposing configurations and credentials.
Ionut Arghire, January 8, 2026

Malware & Threats: NPM Package With 56,000 Downloads Steals WhatsApp Credentials, Data
The package provides legitimate functionality to evade detection, while stealing users’ data and deploying a backdoor.
Ionut Arghire, December 23, 2025

Supply Chain Security: 640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack
The new self-replicating worm iteration has destructive capabilities, erasing home directory contents if it cannot spread to more repositories.
Ionut Arghire, November 25, 2025

Application Security: Amazon Detects 150,000 NPM Packages in Worm-Powered Campaign
A financially motivated threat actor automated the package publishing process in a coordinated tea.xyz token farming campaign.
Ionut Arghire, November 14, 2025

Malware & Threats: Tens of Thousands of Malicious NPM Packages Distribute Self-Replicating Worm
The spam campaign is likely orchestrated by an Indonesian threat actor, based on code comments and the packages’ random names.
Ionut Arghire, November 13, 2025

Application Security: Critical Flaw in Popular React Native NPM Package Exposes Developers to Attacks
Arbitrary command/code execution has been demonstrated through the exploitation of CVE-2025-11953 on Windows, macOS and Linux.
Eduard Kovacs, November 4, 2025

Malware & Threats: 136 NPM Packages Delivering Infostealers Downloaded 100,000 Times
The packages deployed malicious code harvesting system information, credentials, tokens, API keys, and other sensitive information.
Ionut Arghire, October 30, 2025