All news

npm

(6 articles)
36 Malicious npm Packages Exploited Redis and PostgreSQL to Deploy Persistent Implants

April 5, 2026

36 Malicious npm Packages Exploited Redis and PostgreSQL to Deploy Persistent Implants

36 rogue npm packages abused Redis and PostgreSQL connections to plant persistent backdoors. Here is what happened and how to protect your supply chain.

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

April 3, 2026

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Threat actor UNC1069 targeted an Axios maintainer via social engineering, compromising the npm package in a dangerous supply chain attack.

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

April 1, 2026

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Google links the Axios npm supply chain attack to North Korean threat group UNC1069. Here's what happened and how developers can protect their code.

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

April 1, 2026

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

Anthropic confirms Claude Code source was exposed via an npm packaging error. Here's what happened and how developers can protect their own packages.

Claude Code Source Code Accidentally Leaked in NPM Package

April 1, 2026

Claude Code Source Code Accidentally Leaked in NPM Package

Anthropic accidentally exposed Claude Code's closed-source code via a 60MB source map file in an NPM package. Here's what happened and what developers should learn.

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

March 24, 2026

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

A stealthy npm supply chain attack uses 7 malicious packages to harvest crypto wallet keys and credentials. Here's what developers need to know.