malicious code npm
New Shai-Hulud Miasma Wave Hits Hundreds of npm Packages
TL;DR Sonatype Security Research is tracking a new Shai-Hulud Miasma wave with 281 malicious npm package versions that move beyond obvious preinstall and postinstall scripts in package.json. This variant abuses binding.gyp to ...
Lazarus Group’s Latest: Brandjacking Campaign on npm
TL;DR Sonatype Security Research is tracking a Lazarus Group npm campaign using dozens of malicious packages to abuse developer trust and deliver follow-on payloads. The campaign goes beyond typosquatting, relying on brandjacking ...
Red Hat Cloud Services npm Packages Hijacked
A new wave of malicious npm activity has been reported involving multiple packages in the legitimate @redhat-cloud-services namespace ...
Hijacked npm Package Attempts to Deliver PolinRider-Linked RAT
Attackers do not need to wait for a CVE when they can publish directly into the build ...
Axios Compromise on npm Introduces Hidden Malicious Package
A newly discovered software supply chain attack targeting the npm ecosystem briefly compromised one of the most widely used JavaScript libraries in the world ...
Sonatype Discovers Two Malicious npm Packages
Sonatype Security Research has identified a potential compromise of a trusted npm maintainer account that has now published two malicious npm packages — sbx-mask and touch-adv — designed to exfiltrate secrets from ...
Hijacked npm Packages Deliver Malware via Solana, Linked to Glassworm
Sonatype Security Research has identified two hijacked npm packages in the React Native ecosystem that receive more than 30,000 downloads collectively per week and were modified to deliver multi-stage malware. Sonatype is ...
SANDWORM_MODE: The Rise of Adaptive Supply Chain Worms
Earlier this year, we asked our team where they expect open source cyberattacks to go next. Sonatype Principal Security Researcher Garrett Calpouzos shared his thoughts about how he anticipated attackers won't simply ...
PhantomRaven: npm Malware Evolves Again
Published 3:00 p.m. ET on October 31, 2025; last updated 5:00 p.m. ET on October 31, 2025. This week, an open source malware campaign dubbed ‘PhantomRaven’ has run rampant, flooding the npm ...