StepSecurity Archives • Daily CyberSecurity

Malicious VeloraDEX SDK Compromises Developer Machines via npm npm Supply Chain Attack @velora-dex/sdk Malware

Malicious VeloraDEX SDK Compromises Developer Machines via npm

Ddos April 8, 2026

Security researchers at StepSecurity have sounded the alarm on a compromised version of the @velora-dex/sdk package. On...

Axios Under Siege: Critical npm Supply Chain Attack Hijacks Lead Maintainer to Drop Multi-Platform RAT TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

Axios Under Siege: Critical npm Supply Chain Attack Hijacks Lead Maintainer to Drop Multi-Platform RAT

Ddos March 31, 2026

Security researchers at StepSecurity have issued an emergency warning regarding a high-stakes supply chain attack targeting axios,...

The Polymarket Trojan: Verified GitHub Org Hijacked to Distribute Crypto-Stealing Bots

Ddos March 19, 2026

In a sophisticated supply chain attack discovered by the StepSecurity threat intelligence team, a legitimate Japanese DeFi...