npm 27
- 144 Mastra npm Packages Compromised in Supply Chain Attack
- npm 12 Will Disable Dependency Install Scripts by Default to Curb Supply Chain Attacks
- GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
- Shai-Hulud / Hades Supply Chain Campaign Hits 100+ npm and PyPI Packages
- IronWorm: A Rust npm Worm with a Kernel eBPF Rootkit and Tor C2
- Dissecting WAVESHAPER.V2: The macOS RAT Behind the Axios npm Attack
- Rust-Written IronWorm Malware Hits NPM in Credential-Propagating Supply Chain Attack
- IronWorm Infostealer Hits 36 npm Packages in Supply-Chain Attack
- Malicious npm Package Exfiltrated Files from Claude AI User Directories
- npm Launches Staged Publishing with 2FA Gating to Counter Supply Chain Attacks
- Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
- Grafana Labs Source Code Exposed via GitHub Breach Linked to TanStack npm Attack
- New Shai-Hulud Wave Compromises 600+ npm Packages in Fresh Supply Chain Hit
- Compromised Nx Console 18.95.0 Delivers Credential Stealer to 2.2M VS Code Users
- node-ipc npm Package Compromised in Supply Chain Attack to Steal Credentials
- TanStack Supply Chain Attack Compromised Two OpenAI Employee Devices, Credentials Stolen
- TeamPCP Releases Shai-Hulud Worm Source Code, Invites Supply Chain Attacks with Monetary Rewards
- TanStack npm Supply Chain Attack Hits Multiple AI Companies
- Mini Shai-Hulud: Dissecting the SAP CAP npm Supply Chain Worm
- Dozen Critical Vulnerabilities in vm2 Node.js Library Enable Sandbox Escape and RCE
- TeamPCP 'Mini Shai-Hulud' Supply Chain Attack Hits SAP npm Packages
- Google Patches CVSS 10 Gemini CLI RCE Enabling Supply-Chain Code Execution
- SAP npm Packages Compromised in Credential-Stealing Supply Chain Attack
- DPRK Threat Actors Use Claude Opus to Plant Malicious npm Packages
- Unit 42 Maps npm Attack Surface: Wormable Malware, CI/CD Persistence, and Multi-Stage Chains
- Bitwarden npm Supply Chain Attack Attributed to TeamPCP; Shai-Hulud Worm Component Identified
- Checkmarx Supply Chain Attack Compromises Bitwarden CLI and KICS Analysis Tool