
Tag

#javascript

4 articles

HIGH
Supply Chain

320+ @antv NPM Packages Compromised in Mini Shai-Hulud Attack

A maintainer account compromise has led to a major supply chain attack against Alibaba’s @antv NPM namespace, impacting over 320 visualization packages.

Runtime Rebel Intel
3 min read·May 20, 2026
CRITICAL
Supply Chain

Bitwarden CLI Supply Chain Attack: Malicious NPM Package Identified

Researchers have discovered a malicious payload in version 2026.4.0 of the Bitwarden CLI, targeting sensitive vault credentials in build environments.

Runtime Rebel Intel
3 min read·Apr 23, 2026
HIGH
Supply Chain

SANDWORM_MODE: Malicious npm Cluster Automates Secret Harvesting and Crypto Theft

Security researchers have identified a coordinated campaign involving 19 malicious npm packages designed to exfiltrate CI/CD secrets, API tokens, and private cryptocurrency keys.

Runtime Rebel Intel
2 min read·Feb 23, 2026
HIGH
Supply Chain

Malicious npm Package Targets React Developers with Backdoored Polyfill

A typosquatted npm package mimicking a popular React utility has been downloaded over 47,000 times before removal. The package contained an obfuscated backdoor capable of exfiltrating environment variables and SSH keys.

Jordan Kim
2 min read·Jan 25, 2024