Mini Shai-Hulud Is Back: 172 npm and PyPI Packages Compromised in Latest Wave
33 malicious NPM packages target DeFi, cloud, and AI developer credentials
PhantomRaven Wave 5: New Undocumented NPM Supply Chain Campaign Targets DeFi, Cloud, and AI Developers
Shai-Hulud Strikes SAP: Supply Chain Worm Weaponized Claude Code to Compromise the CAP Framework
SAP CAP packages compromised via Claude Code in AI-assisted worm attack
The Butlerian Jihad: Compromised Bitwarden CLI Deploys npm Worm, Poisons AI Assistants, and Dumps GitHub Secrets
Mend.io tracks TeamPCP's latest supply chain attack
A Poisoned Xinference Package Targets AI Inference Servers
Three poisoned xinference releases on PyPI target AI infrastructure credentials
Poisoned Axios: npm Account Takeover, 50 Million Downloads, and a RAT That Vanishes After Install
See how the attack works, what to look for, and how to remediate
Famous Telnyx PyPI Package compromised by TeamPCP
See how the attack works, what to look for, and how to remediate
TeamPCP Supply Chain Attack Part 2: LiteLLM PyPI Credential Stealer
Check and fix your install for the new LiteLLM PyPI compromise
CanisterWorm: The Self-Spreading npm Attack That Uses a Decentralized Server to Stay Alive
On March 20, 2026 at 20:45 UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were receiving unauthorized patch updates, all containing the same hidden malicious code. What they had caught was CanisterWorm, a self-spreading npm worm deployed by the threat actor ...
NPM User Flooding Registry with Fake Font Packages
Analysis of an npm account flooding the registry with malformed font packages