npm packages
Coverage of npm packages in the Nexus archive.
- Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack
Miasma malware, part of the Mini Shai-Hulud, Miasma, and Hades family, has compromised new npm packages like LeoPlatform and RStreams while expanding to the Go ecosystem. The attack also involves malicious GitHub Actions workflow abuse.
- Microsoft links Mastra AI supply chain attack to North Korean hackers
Microsoft has attributed a recent Mastra AI supply chain attack, which compromised over 140 npm packages, to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff.
- NPM packages from RedHat have been compromised
NPM packages from RedHat have been compromised, as reported in a GitHub issue. The incident has sparked discussion on Hacker News, where the article has 275 points and 119 comments.
- TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack
Several npm packages for SAP's cloud application development ecosystem have been compromised by TeamPCP's 'Mini Shai-Hulud' supply chain attack, expanding the group's cyberattack activities.
- Official SAP npm packages compromised to steal credentials
Multiple official SAP npm packages were compromised in a TeamPCP supply-chain attack, aiming to steal developer credentials and authentication tokens. The breach highlights vulnerabilities in software supply chains and developer security practices.