npm malware Archives • Daily CyberSecurity

“TanStack”: Malicious Name-Squatting Campaign Steals Environment Secrets TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

“TanStack”: Malicious Name-Squatting Campaign Steals Environment Secrets

Do Son May 2, 2026

Security researchers have uncovered a supply-chain attack on npm targeting developers who mistakenly install the unscoped tanstack...

PromptMink Tricked AI Agents into Planting Malware PromptMink Campaign AI Agent Deception LIMINAL PANDA UNC1549 DLL Hijacking, VDI Breakout

PromptMink Tricked AI Agents into Planting Malware

Do Son May 1, 2026

Researchers at ReversingLabs (RL) have uncovered a campaign dubbed PromptMink. Attributed to the North Korean-linked group Famous...

The “Mini Shai-Hulud” Attack Hijacking SAP Developer Pipelines SAP Supply Chain Attack Mini Shai-Hulud Malware

The “Mini Shai-Hulud” Attack Hijacking SAP Developer Pipelines

Do Son April 29, 2026

Security researchers have sounded the alarm on a precision-targeted supply-chain compromise striking the SAP developer ecosystem. The...

North Korean Hackers Pivot to AI: New npm Malware Targets Cursor, Claude, and Gemini Tokens AI Tool Targeting Contagious Interview

North Korean Hackers Pivot to AI: New npm Malware Targets Cursor, Claude, and Gemini Tokens

Do Son April 10, 2026

In a calculated move that signals a new frontier in cyber espionage, North Korean threat actors have...

The Polymarket Trojan: Verified GitHub Org Hijacked to Distribute Crypto-Stealing Bots GitHub Supply Chain Attack Polymarket Malware

The Polymarket Trojan: Verified GitHub Org Hijacked to Distribute Crypto-Stealing Bots

Do Son March 19, 2026

In a sophisticated supply chain attack discovered by the StepSecurity threat intelligence team, a legitimate Japanese DeFi...

The 50,000-Download Trap: How ‘ambar-src’ Typosquatting Compromised Windows, Linux, and macOS Devs OSX/Amos Stealer Electron ASAR Trojan MioLab Malware macOS Security MacSync Stealer macOS Malware ambar-src npm Malware Supply Chain Typosquatting Matryoshka Mac Malware ClickFix Crypto Scam Infostealer Evolution macOS Malware Predator Spyware Intellexa Anti-Analysis XCSSET macOS Malware, Xcode Supply Chain

OSX/Amos Stealer Electron ASAR Trojan MioLab Malware macOS Security MacSync Stealer macOS Malware ambar-src npm Malware Supply Chain Typosquatting Matryoshka Mac Malware ClickFix Crypto Scam Infostealer Evolution macOS Malware Predator Spyware Intellexa Anti-Analysis XCSSET macOS Malware, Xcode Supply Chain

The 50,000-Download Trap: How ‘ambar-src’ Typosquatting Compromised Windows, Linux, and macOS Devs

Do Son February 27, 2026

Tenable Research has uncovered a highly sophisticated, malicious npm package that amassed approximately 50,000 downloads before its...

Poisoned Protocol: dYdX Supply Chain Attack Injects RATs into npm & PyPI dYdX Supply Chain Attack Malicious npm Package

Poisoned Protocol: dYdX Supply Chain Attack Injects RATs into npm & PyPI

Do Son February 10, 2026

A sophisticated supply chain attack has struck the dYdX decentralized exchange protocol, injecting malicious code into official...

“G_Wagon” Malware Hides in Fake NPM UI Library to Steal Cloud Keys Lotus Wiper Digital Sabotage G_Wagon Malware NPM Supply Chain Attack IMAPLoader malware ResolverRAT Malware Evasion

Lotus Wiper Digital Sabotage G_Wagon Malware NPM Supply Chain Attack IMAPLoader malware ResolverRAT Malware Evasion

“G_Wagon” Malware Hides in Fake NPM UI Library to Steal Cloud Keys

Do Son January 27, 2026

It looked like just another UI library. “ansi-universal-ui” promised to be a “lightweight, modular UI component system...

Aikido Uncovers Malicious Code in Popular npm Package rand-user-agent

Do Son May 8, 2025

Aikido Security has uncovered a Remote Access Trojan (RAT) embedded in rand-user-agent, a JavaScript package downloaded ~45,000...

npm Malware Targets Atomic and Exodus Wallets to Steal Crypto Funds npm malware, crypto wallet attack

npm Malware Targets Atomic and Exodus Wallets to Steal Crypto Funds

Do Son April 14, 2025

The ReversingLabs (RL) research team has uncovered a sophisticated npm-based malware campaign in which a fake npm...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

npm malware

“TanStack”: Malicious Name-Squatting Campaign Steals Environment Secrets

PromptMink Tricked AI Agents into Planting Malware

The “Mini Shai-Hulud” Attack Hijacking SAP Developer Pipelines

North Korean Hackers Pivot to AI: New npm Malware Targets Cursor, Claude, and Gemini Tokens

The Polymarket Trojan: Verified GitHub Org Hijacked to Distribute Crypto-Stealing Bots

The 50,000-Download Trap: How ‘ambar-src’ Typosquatting Compromised Windows, Linux, and macOS Devs

Poisoned Protocol: dYdX Supply Chain Attack Injects RATs into npm & PyPI

“G_Wagon” Malware Hides in Fake NPM UI Library to Steal Cloud Keys

Aikido Uncovers Malicious Code in Popular npm Package rand-user-agent

npm Malware Targets Atomic and Exodus Wallets to Steal Crypto Funds