npm

(14 articles)

May 29, 2026

Sicoob NuGet Package Steals Banking Credentials

A malicious Sicoob NuGet package is stealing banking credentials while npm packages target cloud secrets. Here's what developers need to check right now.

May 25, 2026

TrapDoor Supply Chain Attack Hits npm, PyPI, CratesIO

TrapDoor malware spreads credential-stealing payloads across npm, PyPI, and CratesIO. Learn how the supply chain attack works and how to protect your projects.

May 23, 2026

npm 2FA Publishing Controls Block Supply Chain Attacks

npm now gates package publishing behind 2FA and adds install controls. Here's what developers need to configure to protect their supply chain.

May 15, 2026

node-ipc npm Package Compromised to Steal Credentials

Three malicious node-ipc versions exfiltrate cloud keys, SSH tokens, and CI/CD secrets via DNS TXT queries. Check your lockfiles now.

May 14, 2026

Stealer Backdoor Found in 3 Node-IPC Versions

A stealer backdoor was found in 3 Node-IPC versions targeting developer secrets. Learn what versions are affected and how to protect your supply chain.

April 30, 2026

PyTorch Lightning Supply Chain Attack Steals Creds

PyTorch Lightning and intercom-client were hit in coordinated supply chain attacks. Here's how the credential theft worked and what developers must do now.

April 23, 2026

Bitwarden CLI Hit by Checkmarx Supply Chain Attack

The Bitwarden CLI is being targeted in an active Checkmarx supply chain campaign. Learn what's at risk and how to protect your build pipeline now.

April 22, 2026

npm Supply-Chain Worm Steals Auth Tokens Fast

A self-spreading npm supply chain attack is stealing developer tokens, API keys, and cloud credentials. See which packages are affected and how to protect yourself.

April 5, 2026

36 Malicious npm Packages Exploited Redis and PostgreSQL to Deploy Persistent Implants

36 rogue npm packages abused Redis and PostgreSQL connections to plant persistent backdoors. Here is what happened and how to protect your supply chain.

April 3, 2026

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Threat actor UNC1069 targeted an Axios maintainer via social engineering, compromising the npm package in a dangerous supply chain attack.

April 1, 2026

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Google links the Axios npm supply chain attack to North Korean threat group UNC1069. Here's what happened and how developers can protect their code.

April 1, 2026

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

Anthropic confirms Claude Code source was exposed via an npm packaging error. Here's what happened and how developers can protect their own packages.

April 1, 2026

Claude Code Source Code Accidentally Leaked in NPM Package

Anthropic accidentally exposed Claude Code's closed-source code via a 60MB source map file in an NPM package. Here's what happened and what developers should learn.

March 24, 2026

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

A stealthy npm supply chain attack uses 7 malicious packages to harvest crypto wallet keys and credentials. Here's what developers need to know.