Stories tagged: #npm

> Jun 03, 2026#supply-chain #npm

Red Hat npm packages backdoored: Miasma worm hits @redhat-cloud-services

Red Hat security bulletin RHSB-2026-006 confirms 32 @redhat-cloud-services npm packages were trojaned on June 1, 2026 with a self-spreading credential-stealing worm derived from Shai-Hulud.

> May 31, 2026#supply-chain #npm

npm supply-chain campaign: 14 typosquats target AWS, Vault, npm tokens

Microsoft says a single maintainer 'vpmdhaj' pushed 14 typosquatted npm packages on May 28 that exfiltrate AWS, ECS, HashiCorp Vault and npm tokens via a Bun-runtime payload.