Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

Updated on February 23, 2026

Cybersecurity researchers have disclosed what they say is an active “Shai-Hulud-like” supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft.
The campaign has been codenamed SANDWORM_MODE by supply chain security company Socket. As with prior Shai-Hulud attack waves, the malicious code embedded…

Read the rest of the story at Read More

Source: The Hacker News

April 16, 2025 Uncategorized

U.S. Govt. Funding for MITRE’s CVE...

December 20, 2023 Uncategorized

Remote Encryption Attacks Surge: How One...

May 26, 2025 Uncategorized

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

Related posts

U.S. Govt. Funding for MITRE’s CVE...

Remote Encryption Attacks Surge: How One...

CISO’s Guide To Web Privacy Valida...

Leave a Comment Cancel reply

Recent News

APT28 Targeted European Entities Using Webhook-Based Macro Malware

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb

⚡ Weekly Recap: Double-Tap Skimmers, PromptSpy AI, 30Tbps DDoS, Docker Malware & More

How Exposed Endpoints Increase Risk Across LLM Infrastructure

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP

AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries

Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning

CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog

EC-Council Expands AI Certification Portfolio to Strengthen U.S. AI Workforce Readiness and Security