HIGH
Supply Chain
SANDWORM_MODE: Malicious npm Cluster Automates Secret Harvesting and Crypto Theft
Security researchers have identified a coordinated campaign involving 19 malicious npm packages designed to exfiltrate CI/CD secrets, API tokens, and private cryptocurrency keys.
Runtime Rebel Intel
2 min read·Feb 23, 2026
SU
HIGH
Supply Chain
Malicious npm Package Targets React Developers with Backdoored Polyfill
A typosquatted npm package mimicking a popular React utility has been downloaded over 47,000 times before removal. The package contained an obfuscated backdoor capable of exfiltrating environment variables and SSH keys.
Jordan Kim
2 min read·Jan 25, 2024