Postinstall Script Archives • Daily CyberSecurity

Malicious JS Lifecycle Hooks Found Hiding Inside PHP Composer Packages PHP Supply Chain Attack Socket Composer Malicious Postinstall

Malicious JS Lifecycle Hooks Found Hiding Inside PHP Composer Packages

Do Son May 23, 2026

Security researchers at Socket have uncovered a coordinated attack targeting PHP Composer packages by hiding malicious JavaScript...

“TanStack”: Malicious Name-Squatting Campaign Steals Environment Secrets TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm