Supply Chain Attack: Bitwarden CLI npm Package Compromised
Analysis of the Bitwarden CLI npm package compromise (version 2023.12.0) leading to developer credential theft and supply chain risk. Includes mitigation.

Bitwarden CLI Supply Chain Attack: Malicious NPM Package Identified
Researchers have discovered a malicious payload in version 2026.4.0 of the Bitwarden CLI, targeting sensitive vault credentials in build environments.

CanisterSprawl Worm: npm Package Supply Chain Hijack & Token Theft
New CanisterSprawl worm compromises npm packages, propagates by stealing developer tokens via an ICP canister. Threatens software supply chain integrity.

Axios npm Supply Chain Attack: Malicious Payloads and Mitigation
Axios npm versions 1.14.1 and 0.30.4 compromised via a malicious dependency injecting remote access trojans. Learn how to detect and remediate this threat.

North Korean Hackers Distribute 1,700 Malicious Packages via npm and PyPI
North Korean threat actors expand the Contagious Interview campaign, deploying 1,700 malicious packages across npm, PyPI, Go, and Rust ecosystems.

North Korean Social Engineering Targets Node.js Maintainers
North Korean threat actors use social engineering and malicious npm packages to target high-profile Node.js maintainers in a sophisticated supply chain campaign.

Guardarian Users Targeted via 36 Malicious Strapi npm Packages
Analysis of a supply chain attack involving 36 malicious npm packages posing as Strapi plugins to target Guardarian users and harvest sensitive credentials.

Axios npm Hijack Attempt: Detecting Social Engineering Tactics
North Korean threat actors targeted an Axios maintainer with a fake Microsoft Teams fix, highlighting critical risks to open-source supply chains.

UNC1069 Social Engineering Leads to Axios npm Supply Chain Compromise
Runtime Rebel details how North Korean threat actor UNC1069 leveraged targeted social engineering against an Axios npm package maintainer, leading to a critical supply

Stardust Chollima Compromises Axios npm Package
Technical analysis of the Stardust Chollima supply chain attack targeting the Axios npm package to exfiltrate developer credentials and data.

Axios NPM Supply Chain Attack Bypasses GitHub Actions CI/CD
A sophisticated supply chain attack targeted the Axios NPM package, leveraging a compromised token to bypass GitHub Actions CI/CD and deploy malicious versions.

Axios npm Supply Chain Attack Attributed to North Korea's UNC1069
Google Threat Intelligence attributes a major Axios npm supply chain attack to North Korean group UNC1069, emphasizing risks to developer environments.