npm
About npm
npm is the company behind the npm Registry and npm CLI, providing open-source JavaScript development tools to the community for free while also building and selling developer-focused tools for professionals. The organization emphasizes helping developers write, share, and manage JavaScript code, with offerings that scale from the free registry to premium options like npm Pro, which enables private packages for teams and companies. It serves a global developer audience and highlights its role in the open-source ecosystem and JavaScript-first workflows.
Recent News
Vercel Data Breach Exposes SA Developer Community
Fake Gemini Npm Package Steals AI Tool Tokens
CrowdStrike, Google Take Down Glassworm Botnet
Better-Auth Flaw Allows Unauthenticated API Key Creation
Rootly | The Claude Code Leak: Which Signals Could've Caught It?
Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem
Supply-Chain Attacks Take Aim at Your AI Coding Agents
Axios NPM Supply Chain Breach Exposes Millions of Developers to Malware
Four Malicious Npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
Axios Npm Supply‑chain Breach Exposes Millions of Developers to North Korean‑linked RAT
TeamPCP, BreachForums Launch $1K Supply-Chain Attack Contest
Why JSON Schema Matters More than Ever in the Age of Generative AI
Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
Hackers Can Bypass Npm’s Shai-Hulud Defenses via Git Dependencies
LeakWatch 2026, Security Incidents, Data Breaches and IT Situation for the Current Calendar Week 18
Grafana Breach Traced to Missed Token Rotation After TanStack Supply‑chain Attack
Massive Npm Supply Chain Attack Hits AntV Ecosystem; Hundreds of JavaScript Packages Compromised
Npm Launches Staged Publishing and New Install‑source Flags to Tighten Supply‑chain Security
LeakWatch 2026, Security Incidents, Data Breaches and IT Situation for the Current Calendar Week 21 – Pentecost, Fake Voices and the Question of Whom to Still Trust
Show HN: A Local-First, Reversible PII Scrubber for AI Workflows
An Incredibly Popular JavaScript Library Might Have some Worrying Malware Issues
Critical Sandbox Escape Flaw Found in Popular Vm2 NodeJS Library
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
Npm Registry Attack Exposes Millions of Apps, Highlights Software Supply‑Chain Risks
Hacker Active Well Beyond Context.ai Compromise, Says Vercel CEO
The Double-Edged Sword of Non-Human Identities
Mini Shai‑Hulud Worm Infects 172 Npm and PyPI Packages, Threatening 518 M+ Downloads
Self-Propagating Supply Chain Worm Hijacks Npm Packages to Steal Developer Tokens
Bun v1.3.9
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 83
OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack
From Typos to Takeovers: Inside the Industrialization of Npm Supply Chain Attacks
Why some Security Fixes Never Reach Your Vulnerability Dashboard
Axios Hack Exposes AI-Coding’s Dependency Problem
Malware Dev Tries to Steal Claude Users' Secrets, Writes Npm Slop, Leaks Own GitHub Private Token
Trivy, KICS, and the Shape of Supply Chain Attacks so Far in 2026
AntV Data Visualization Tool the Latest to Be Hit by Ongoing Npm Supply Chain Attacks
170 Npm Packages Hijacked to Steal GitHub, AWS & Kubernetes Secrets
Phaser vs Kaplay vs Excalibur: Which 2D Web Game Framework Wins?
Malicious Npm Package Stole Files From Claude AI User Directory via GitHub
Megalodon Chums the Waters in 5.5K+ GitHub Repo Poisonings
AI‑Powered Defenses Become Critical as Cloud Attack Speed Slashes to Days
SAP Npm Package Attack Highlights Risks in Developer Tools and CI/CD Pipelines
Thousands of Fake Packages Flood Npm Registry in Major Attack - Here's What We Know
Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
NPM to Implement Staged Publishing After Turbulent Shift Off Classic Tokens
Cursor and Chainguard Partner to Lock Down the AI Agent Supply Chain
Show HN: Smol Machines – Subsecond Coldstart, Portable Virtual Machines
TrapDoor Malware Campaign Puts Developer Workstations in CISO Spotlight
TanStack NPM Supply‑Chain Attack Deploys 84 Malicious Versions Across 42 Packages