AsyncAPI npm packages compromised in supply-chain attack delivering credential-stealing malware
Five malicious AsyncAPI packages were published to npm in a supply-chain attack that used compromised GitHub Actions workflows to deliver a remote access trojan with data-stealing capabilities. The…
Read the full articleYou might also wanna read

Microsoft Details AsyncAPI npm Supply Chain Attack: Import-Time Malware Bypassed Traditional Defenses
Microsoft has released a comprehensive technical analysis of the recent AsyncAPI npm supply chain compromise, providing new insights into ho
AsyncAPI Breach Exposes CI/CD Pipeline Risk
A sophisticated supply chain attack used legitimate GitHub pipelines to push malicious code via the AsyncAPI npm namespace.
Supply Chain Breach Targets npm Ecosystem
Compromised AsyncAPI and Jscrambler packages expose developers to credential theft via automated malicious injection.
Compromised AsyncAPI packages on npm deliver malware
A commit to the AsyncAPI generator GitHub repository injected obfuscated JavaScript into four npm packages with a combined weekly download v

Coordinated AsyncAPI Supply Chain Attack: Miasma RAT Delivered via Compromised CI/CD Pipelines in Two Repositories
On July 14, 2026 at 07:10 UTC, three packages in the AsyncAPI generator monorepo (@asyncapi/[email protected], @asyncapi/[email protected]
Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis
Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical

Comments
Sign in to join the conversation.
No comments yet. Be the first.