Home page on Days Since Last NPM Supply Chain Compromise

IronWorm: Shai-Hulud's rustier cousin

Wed, 03 Jun 2026 15:21:54 +0530

via JFrog

Multiple redhat-cloud-services npm Packages compromised

Mon, 01 Jun 2026 15:21:54 +0530

via StepSecurity

Mini Shai-Hulud Hits @antv Ecosystem, 639 Compromised npm Package Versions

Tue, 19 May 2026 15:21:54 +0530

via Socket.Dev

Postmortem: TanStack npm supply-chain compromise

Mon, 11 May 2026 15:06:43 +0530

via Tanstack

Official SAP npm packages compromised to steal credentials

Wed, 29 Apr 2026 15:06:43 +0530

via Bleeping Computer

Bitwarden CLI npm package compromised to steal developer credentials

Thu, 23 Apr 2026 15:21:54 +0530

via BleepingComputer

Namastex.ai npm Packages Hit with TeamPCP-Style CanisterWorm Malware

Wed, 22 Apr 2026 15:21:54 +0530

via Socket.dev

OtterCookie Expands Targeting to AI Coding Tools: Analysis of a Trojanized npm Campaign

Sat, 04 Apr 2026 15:21:54 +0530

via Cyber & Ramen

Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2

Fri, 03 Apr 2026 15:21:54 +0530

via SafeDep

axios Compromised on npm - Malicious Versions Drop Remote Access Trojan

Mon, 30 Mar 2026 15:21:54 +0530

via The Step Security

TeamPCP deploys CanisterWorm on NPM following Trivy compromise

Fri, 20 Mar 2026 15:21:54 +0530

via Akido

Cline CLI npm Package Compromised via Suspected Cache Poisoning Attack

Wed, 18 Feb 2026 15:21:54 +0530

via Socket.Dev

NPM Package With 56K Downloads Caught Stealing WhatsApp Messages

Sun, 21 Dec 2025 15:21:54 +0530

via Koi Security

Two Years, 17K Downloads: The NPM Malware That Tried to Gaslight Security Scanners

Sun, 30 Nov 2025 15:21:54 +0530

via Koi AI

Shai-Hulud 2.0 Supply Chain Attack: 25K+ npm Repos Exposed

Mon, 24 Nov 2025 15:21:54 +0530

via Wiz.Io

npm Malware Campaign Uses Adspect Cloaking to Deliver Malicious Redirects

Mon, 17 Nov 2025 15:21:54 +0530

via Socket.dev

IndonesianFoods worm publishes more than 86,000 malicious NPM packages

Thu, 13 Nov 2025 15:21:54 +0530

via SourceCodeRED

Malicious NPM Package Found Targeting GitHub By Typosquatting on GitHub Action Packages

Mon, 10 Nov 2025 15:21:54 +0530

via Veracode

MUT-4831: Trojanized npm packages deliver Vidar infostealer malware

Thu, 06 Nov 2025 15:21:54 +0530

via Datadog

Invisible npm malware pulls a disappearing act – then nicks your tokens

Thu, 30 Oct 2025 15:21:54 +0530

via The Register

10 npm Typosquatted Packages Deploy Multi-Stage Credential Harvester

Tue, 28 Oct 2025 15:21:54 +0530

via socket.dev

Post-exploitation framework now also delivered via npm

Fri, 17 Oct 2025 15:21:54 +0530

via Kaspersky

175 npm packages, unpkg CDN abused for phishing infrastructure

Mon, 13 Oct 2025 00:00:00 +0000

via SC Media

First Malicious MCP in the Wild: The Postmark Backdoor That's Stealing Your Emails

Thu, 25 Sep 2025 15:21:54 +0530

via koi.security

Shai-Hulud Worm Compromises npm Ecosystem in Supply Chain Attack

Tue, 23 Sep 2025 15:21:54 +0530

via Palo Alto

Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack

Mon, 08 Sep 2025 15:21:54 +0530

via Bleeping Computer

Hijacked S3 buckets used in attacks on npm packages

Mon, 19 Jun 2023 15:21:54 +0530

via The Register

Protestware on the rise: Why developers are sabotaging their own code

Wed, 27 Jul 2022 15:21:54 +0530

via TechCrunch

BIG sabotage: Famous npm package deletes files to protest Ukraine war

Thu, 17 Mar 2022 15:21:54 +0530

via The Register

Dev corrupts NPM libs colors and faker breaking thousands of apps

Sun, 09 Jan 2022 15:21:54 +0530

via Bleeping Computer

NPM package with 3 million weekly downloads had a severe vulnerability

Thu, 02 Sep 2021 15:21:54 +0530

via Ars Technica

How 17 Lines of Code Took Down Silicon Valley's Hottest Startups

Sun, 24 Mar 2019 15:21:54 +0530

via Huffington Post

Check your repos... Crypto-coin-stealing code sneaks into fairly popular NPM lib (2m downloads per week)

Mon, 26 Nov 2018 15:21:54 +0530

via Ars Technica