Netcrook

#NPM package


108 Poisoned Builds, One Shared Trap: The New Cross-Ecosystem Supply-Chain Wave

Published: 04 July 2026 14:07 | Category: Malware & Botnets | Geo: Asia / North Korea | Author: IRONQUERY

A campaign tied to PolinRider has put malicious packages and browser extensions into npm, Packagist, Go, and Google Chrome, showing how one delivery pattern can travel across very different trust systems.

Trusted Release Keys Turned Into a Supply-Chain Weapon

Published: 03 July 2026 08:16 | Category: Cybercrime | Geo: North America / USA | Author: VULNCRUSADER

A maintainer-account takeover can do more damage than a single malicious file, especially when one publish pipeline reaches several software ecosystems at once.

Malicious Packages Take the Editor Route: npm and Go Code Abuse VS Code Tasks for Stealth

Published: 29 June 2026 10:57 | Category: Malware & Botnets | Geo: North America / USA | Author: IRONQUERY

A package-chain compromise can do more than slip in bad code - it can turn developer tooling itself into the execution path for a cross-platform Python infostealer.

Package Trust Under Siege: Miasma’s Latest Move Cuts Across npm, GitHub Actions, and Go

Published: 26 June 2026 17:38 | Category: Malware & Botnets | Author: SIGNALMONK

The latest Miasma-linked supply-chain activity shows how a single poisoned release can pressure multiple trust layers at once, from package registries to build automation.

Trusted npm Packages Become the Doorway in a Quiet Secret-Harvesting Campaign

Published: 26 June 2026 08:03 | Category: Malware & Botnets | Geo: North America / USA | Author: SIGNALMONK

A poisoned-package wave tied to Mini Shai-Hulud, Miasma, and Hades is pushing supply-chain risk into the heart of developer workstations and CI/CD pipelines.

npm’s Hidden Trapdoor: How Malicious Packages Can Exploit node-gyp to Target Developer Secrets

Published: 25 June 2026 12:07 | Category: Malware & Botnets | Geo: North America / USA | Author: NEXUSGUARDIAN

A supply-chain lure inside package install and build steps can turn routine development work into an execution window for credential theft, especially when teams trust native-addon metadata too quickly.

npm Lookalikes Put PostCSS Trust Chains on the Hook for Chrome Passwords

Published: 24 June 2026 16:09 | Category: Malware & Botnets | Author: IRONQUERY

A deceptive package name can be enough to turn a routine JavaScript install into a staged Windows malware chain with browser-credential risk.

Fake PostCSS Packages Turned a Routine npm Install into a Windows RAT Risk

Published: 24 June 2026 10:44 | Category: Malware & Botnets | Geo: North America / USA | Author: IRONQUERY

Three lookalike npm packages aimed at frontend developers underscore how package-name trust and installer-time execution can collide on a developer workstation.

Lookalike npm Packages Turn a CSS Search into a Supply-Chain Trap

Published: 23 June 2026 12:19 | Category: Malware & Botnets | Geo: North America / USA | Author: NEXUSGUARDIAN

A small cluster of PostCSS-themed npm packages shows how name confusion and install-time trust can turn routine dependency work into a Windows malware risk.

A Lookalike npm Name, Then a Windows Script Chain: The Supply-Chain Trap Behind a RAT Drop

Published: 22 June 2026 14:52 | Category: Malware & Botnets | Geo: North America / USA | Author: IRONQUERY

A typosquatted package in the npm ecosystem shows how a single confusing name can hand attackers a path from dependency install to Windows-native execution.

Mastra’s npm Trail Turns a Package Update Into a Crypto-Extension Risk

Published: 22 June 2026 14:14 | Category: Malware & Botnets | Geo: North America / USA | Author: NEXUSGUARDIAN

A malicious dependency found in more than 140 Mastra packages shows how a software supply-chain incident can move from build tools to browser-facing cryptocurrency surfaces.

A Lookalike npm Package Turned a Trusted CSS Name Into a Windows Malware Pipe

Published: 22 June 2026 14:07 | Category: Malware & Botnets | Geo: North America / USA | Author: IRONQUERY

A deceptive package name in the PostCSS orbit shows how open-source trust can be abused before any code ever reaches production.

One Hijacked npm Identity Can Poison an Entire Dependency Chain

Published: 22 June 2026 10:28 | Category: Cybercrime | Geo: North America / USA | Author: CIPHERWARDEN

A maintainer-account takeover tied to poisoned Mastra packages shows how package registries can become malware delivery systems when publisher trust is broken.

A Trusted npm Namespace Became the Weak Link in an AI Build Chain

Published: 17 June 2026 10:13 | Category: Cybercrime | Geo: North America / USA | Author: CIPHERWARDEN

A hijacked contributor identity and a burst of package publishing turned the @mastra/* ecosystem into a supply-chain warning for anyone shipping JavaScript or TypeScript at scale.

Fake Fixes, Real Risk: How a 25-Package Supply Chain Trap Targeted Solana Developers

Published: 12 June 2026 10:17 | Category: Cybercrime | Geo: North America / USA | Author: CIPHERWARDEN

A package-based credential theft campaign shows how quickly trusted registries can become entry points when attackers dress malware up as a build fix or SDK helper.

When a Package Install Becomes the Breach: dbmux and the New Trust Problem

Published: 10 June 2026 16:49 | Category: Malware & Botnets | Geo: North America / USA | Author: SIGNALMONK

A malicious npm package found inside developer tooling shows how supply-chain abuse can begin before an app even launches, turning routine installs into high-risk execution events.

A Rogue npm Package Put Developer Machines in the Crosshairs

Published: 10 June 2026 10:13 | Category: Malware & Botnets | Geo: North America / USA | Author: NEXUSGUARDIAN

The dbmux case shows why a routine package install can become an execution event, not a passive download, with developer endpoints serving as a high-value entry point for broader supply-chain abuse.

Shai-Hulud Returns With a Bigger Blast Radius Across npm and PyPI

Published: 09 June 2026 14:21 | Category: Malware & Botnets | Geo: North America / USA | Author: SIGNALMONK

More than 100 packages were hit in a new supply-chain wave, with Miasma and Hades emerging as the latest names in a self-propagating campaign.

When a Package Becomes a Proxy: The Claude Code MCP Token Trap

Published: 08 June 2026 06:08 | Category: Cloud, SaaS & Identity Security | Geo: North America / USA | Author: SHADOWFIREWALL

A malicious npm package was used in a demonstrated attack path that rerouted Claude Code integrations and put OAuth bearer tokens in the crosshairs.

When a Package Install Turns Hostile: The IronWorm Lesson for Developers

Published: 04 June 2026 17:52 | Category: Malware & Botnets | Geo: North America / USA | Author: NEXUSGUARDIAN

A malicious npm campaign shows how routine dependency installs can become a secret-harvesting path into developer systems, with crypto and Web3 workflows carrying outsized risk.