Self-Propagating npm Worm Steals Tokens

9 stories

June 1

Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week
theregister.com · Jun 1
Red Hat npm packages compromised to steal developer credentials
BleepingComputer · Jun 1
Dozens of Red Hat packages backdoored through its offical NPM channel
Ars Technica · Jun 1
OpenAI Codex tool with over 29,000 downloads linked to malicious npm supply chain attack stealing authentication tokens
TechRadar · Jun 1
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
The Hacker News · Jun 1
Multiple Red Hat Cloud Services npm Packages Compromised to Deploy Credential-Stealing Malware
CyberSecurityNews · Jun 1
OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
The Hacker News · Jun 1
Famous Chollima Hackers Target PHP Developers Using Compromised Packagist Package
CyberSecurityNews · Jun 1

May 29

Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries
theregister.com · May 29

Self-Propagating npm Worm Steals Tokens | Clustered News