npm-security

Blog All categories All authors All tags
Preview image for a blog post

Supply Chain & Endpoint Zero-Days: Analyzing Axios npm Compromise & Critical FortiClient EMS Exploits

Deep dive into the Axios npm supply chain compromise and critical FortiClient EMS vulnerabilities, detailing technical impacts and mitigation strategies.
Preview image for a blog post

Supply Chain Alert: 36 Malicious npm Packages Leverage Redis & PostgreSQL for Persistent Implants and Covert Data Exfiltration

36 malicious npm packages masquerading as Strapi plugins exploit Redis/PostgreSQL for reverse shells, credential harvesting, and persistent implants.
Preview image for a blog post

Malicious npm Package Unmasked: "@openclaw-ai/openclawai" Deploys RAT, Targets macOS Credentials in Supply Chain Attack

Malicious npm package "@openclaw-ai/openclawai" masquerades as OpenClaw installer, deploying a RAT to steal macOS credentials.
Preview image for a blog post

Shai-Hulud's Shadow: A Deep Dive into the npm Supply Chain Worm Targeting AI Developers

Analysis of the Shai-Hulud-like supply chain worm exploiting npm packages to compromise AI development environments.
Preview image for a blog post

SANDWORM_MODE Unleashed: Malicious npm Packages Steal Crypto Keys, CI Secrets, and API Tokens in a Shai-Hulud-like Supply Chain Attack

Active npm supply chain worm, SANDWORM_MODE, harvests crypto keys, CI secrets, and API tokens, demanding urgent developer vigilance.