All news

malicious packages

(5 articles)

June 1, 2026

OpenAI Codex Tokens Stolen in npm Supply Chain Attack

Malicious npm package codexui-android stole OpenAI Codex authentication tokens. Here's what developers need to know and how to protect your projects.

May 19, 2026

Malicious AntV npm Packages via Hijacked Account

Mini Shai-Hulud pushed malicious AntV npm packages through a compromised maintainer account. Here's what developers need to know to stay protected.

May 12, 2026

RubyGems Suspends Signups After Malicious Packages

RubyGems suspended new account signups after hundreds of malicious packages flooded the registry. Here's what Ruby developers need to know right now.

Shai-Hulud Worm Hits TanStack, Mistral AI Packages

May 12, 2026

Shai-Hulud Worm Hits TanStack, Mistral AI Packages

The Mini Shai-Hulud worm has compromised TanStack, Mistral AI, Guardrails AI and more. Learn what's affected and how to protect your dependencies now.

N. Korean Hackers Drop 1,700 Malicious Packages

April 8, 2026

N. Korean Hackers Drop 1,700 Malicious Packages

North Korean hackers spread 1,700 malicious packages across npm, PyPI, Go, and Rust registries. Here's what developers need to check right now.