{ads}

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

Written By Monday, 23 February 2026 Add Comment



February 23, 2026 at 03:50PM

Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft. The campaign has been codenamed SANDWORM_MODE by supply chain security company Socket. As with prior Shai-Hulud attack waves, the malicious code embedded

from The Hacker News https://ift.tt/iFYck2S

0 Response to "Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens"

Post a Comment

Subscribe to: Post Comments (Atom)

Article Top Ads

Central Ads Article 1

Middle Ads Article 2

Article Bottom Ads