Threats Tagged 'npm worm'
View all threats tagged with 'npm worm'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'npm worm'
Click on any threat for detailed analysis and mitigation recommendations
PyPI Package Compromised in Supply Chain Attack 0 The popular PyPI package lightning experienced a supply chain attack affecting versions 2.6.2 and 2.6.3, published on April 30, 2026. The compromise introduced malicious code that executes automatically upon module import, downloading Bun JavaScript runtime and executing an 11MB obfuscated payload. The attack harvests credentials including GitHub tokens, npm tokens, cloud credentials from AWS, Azure, and Google Cloud, while targeting CI/CD environments. The malicious code poisons GitHub repositories by injecting backdoored files impersonating Claude Code commits and infects local npm packages through tarball manipulation. The attack shows similarities to previous Shai-Hulud campaigns in terms of credential targeting and obfuscation methods. Evidence suggests the maintainer's GitHub account (pl-ghost) was compromised, with suspicious branch operations and disclosure suppression indicating ongoing attacker control. The incident affects a widely-used deep learning framework receiving millions of monthly downl... Join the discussion | AlienVault OTX General | 04/30/2026, 19:11:29 UTC Added: 05/04/2026, 14:06:24 UTC |
Showing 1 to 1 of 1 result