MAL-2026-10038: Malicious code in antsrcsrctest (npm)
The npm package 'antsrcsrctest' version 1.0.0 contains malicious code that executes during installation. Its preinstall script exfiltrates sensitive environment information, system details, and…
Read the full articleYou might also wanna read
Security Alert: Malicious Nx Packages Published to npm Containing Credential-Stealing Code
## Summary Malicious versions of the [`nx` package]( as well as some supporting plugin packages, were published to npm, containing code that
Microsoft uncovers supply chain attack: Compromised @antv npm packages steal CI/CD credentials via Mini Shai-Hulud malware
Compromised @antv npm packages deploy the Mini Shai-Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malwa
AI-Generated npm Package Leaks Its Own GitHub Token, Exposing Malware Operator
Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator

Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account
A compromised npm maintainer account triggered an automated burst of over 300 malicious package versions across 323 packages in the AntV dat
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all
Malicious npm package "Codex" stole developer credentials for a month before detection
The npm package had an active GitHub repository and about 29,000 weekly downloads while providing a remote web UI for OpenAI Codex. For abou

Comments
Sign in to join the conversation.
No comments yet. Be the first.