Skip to content
The Nexus
DossierENTITY

npm packages

Coverage of npm packages in the Nexus archive.

Earliest in view: Apr 29 · 22:43 UTCMost recent: Jun 26 · 11:05 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJun 26 · 11:05 UTCTHE HACKER NEWS
    Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack

    Miasma malware, part of the Mini Shai-Hulud, Miasma, and Hades family, has compromised new npm packages like LeoPlatform and RStreams while expanding to the Go ecosystem. The attack also involves malicious GitHub Actions workflow abuse.

  • SECURITYJun 20 · 14:09 UTCBLEEPING COMPUTER
    Microsoft links Mastra AI supply chain attack to North Korean hackers

    Microsoft has attributed a recent Mastra AI supply chain attack, which compromised over 140 npm packages, to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff.

  • SECURITYJun 1 · 13:30 UTCHACKER NEWS
    NPM packages from RedHat have been compromised

    NPM packages from RedHat have been compromised, as reported in a GitHub issue. The incident has sparked discussion on Hacker News, where the article has 275 points and 119 comments.

  • SECURITYApr 30 · 21:01 UTCDARK READING
    TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack

    Several npm packages for SAP's cloud application development ecosystem have been compromised by TeamPCP's 'Mini Shai-Hulud' supply chain attack, expanding the group's cyberattack activities.

  • SECURITYApr 29 · 22:43 UTCBLEEPING COMPUTER
    Official SAP npm packages compromised to steal credentials

    Multiple official SAP npm packages were compromised in a TeamPCP supply-chain attack, aiming to steal developer credentials and authentication tokens. The breach highlights vulnerabilities in software supply chains and developer security practices.

npm packages · Dossier · The Nexus