NPM Archives - Secure Bulletin

Latest news

Cybercrime

84 TanStack npm Packages Poisoned in Sophisticated Supply-Chain Attack Stealing Cloud and CI Credentials

15 May 2026 dark6

Attackers compromised 84 npm artifacts across 42 TanStack packages — including react-router with 12M+ weekly downloads — injecting a credential-stealing...

Read more 0

Vulnerability

CVE-2026-43898: Critical SandboxJS Escape (CVSS 10.0) Enables Full Host Takeover via npm

15 May 2026 dark6

A maximum-severity (CVSS 10.0) vulnerability in the SandboxJS npm library allows attackers to completely escape the JavaScript sandbox and execute...

Read more 0

Malware

Bitwarden CLI npm Package Compromised in Sophisticated GitHub Actions Supply Chain Attack

28 April 2026 dark6

Security researchers at Socket have confirmed that the official Bitwarden CLI npm package (version 2026.4.0) was tampered with via a...

Read more 0

Malware

Malicious npm Package js-logger-pack Turns Hugging Face Into Malware CDN and Data Exfiltration Backend

24 April 2026 dark6

JFrog Security researchers have uncovered a malicious npm package, js-logger-pack, that uses Hugging Face as both a malware delivery network...

Read more 0

Malware

Sophisticated npm malware campaign exploits Cross-Ecosystem typosquatting

3 May 2025 securebulletin.com

A coordinated malware operation targeting npm employs cross-ecosystem typosquatting to mimic popular libraries from Python, Java, C++, and .NET ecosystems....

Read more 0

Malware

Malicious NPM packages targeting PayPal users: a recap analysis

12 April 2025 securebulletin.com

FortiGuard Labs recently uncovered a series of malicious NPM packages designed to steal sensitive information from compromised systems. These packages,...

Read more 0

Spyware

North Korean hackers targeting NPM packages

3 September 2024 dark6

In recent weeks, the cybersecurity landscape has witnessed a concerning uptick in malicious activities targeting developers through compromised NPM (Node...

Read more 0