npm-security

Blog All categories All authors All tags
Preview image for a blog post

Malicious npm Package Unmasked: "@openclaw-ai/openclawai" Deploys RAT, Targets macOS Credentials in Supply Chain Attack

Malicious npm package "@openclaw-ai/openclawai" masquerades as OpenClaw installer, deploying a RAT to steal macOS credentials.
Preview image for a blog post

Shai-Hulud's Shadow: A Deep Dive into the npm Supply Chain Worm Targeting AI Developers

Analysis of the Shai-Hulud-like supply chain worm exploiting npm packages to compromise AI development environments.
Preview image for a blog post

SANDWORM_MODE Unleashed: Malicious npm Packages Steal Crypto Keys, CI Secrets, and API Tokens in a Shai-Hulud-like Supply Chain Attack

Active npm supply chain worm, SANDWORM_MODE, harvests crypto keys, CI secrets, and API tokens, demanding urgent developer vigilance.