Post
CRITICAL ⚡ MUST-KNOW

IronWorm Infostealer Hits 36 npm Packages in Supply-Chain Attack

· supply-chain · npm · malware · infostealer

A new supply-chain attack has seeded 36 npm packages with IronWorm, an infostealer designed to exfiltrate credentials and secrets from developer environments. The campaign mirrors earlier malicious-package patterns but the scope—36 packages simultaneously—is broader than most recent incidents. Node.js developers should audit their dependency trees against the affected package list and check for IronWorm IOCs in endpoint telemetry. Any secrets or credentials that may have been loaded in environments where the affected packages ran should be rotated immediately.