Threats Tagged 'packagist compromise'
View all threats tagged with 'packagist compromise'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'packagist compromise'
Click on any threat for detailed analysis and mitigation recommendations
Mini Shai-Hulud Spreads to Packagist: Malicious Intercom PHP Package Follows npm Compromise 0 A malicious artifact of the widely-used intercom/intercom-php package version 5.0.2 was discovered on Packagist, representing an expansion of the Mini Shai-Hulud supply chain attack from npm into the PHP ecosystem. The compromised package exploits Composer plugin execution to download Bun runtime and execute an obfuscated credential-stealing payload during installation. The malicious code harvests sensitive credentials including GitHub tokens, cloud provider credentials, SSH keys, Kubernetes tokens, and HashiCorp Vault secrets from developer machines and CI/CD environments. Stolen data is encrypted using AES-256-GCM and exfiltrated to attacker-controlled infrastructure. The payload also contains propagation logic to modify GitHub repositories and npm packages using stolen credentials. With approximately 12,700 daily installs, the compromised artifact potentially reached numerous high-value development environments before removal. Join the discussion | AlienVault OTX General | 05/01/2026, 08:50:53 UTC Added: 05/04/2026, 14:21:27 UTC |
Showing 1 to 1 of 1 result