MAL-2026-10040: Malicious code in chai-as-balanced (npm)
The npm package 'chai-as-balanced' is a malicious typosquat of 'chai-as-promised' that executes attacker-controlled code. It includes a dropper that fetches a remote payload from an anonymous…
Read the full articleYou might also wanna read
Popular npm packages debug and chalk compromised with crypto-intercepting malware
The popular packages debug and chalk on npm have been compromised with malicious code
aikido.dev·10mo agoTyposquatted npm Package Delivers Windows RAT with Encrypted C2 and Registry Persistence
A newly discovered malware campaign is targeting Windows systems through a deceptive package on the npm registry. Disguised as a legitimate
cybersecuritynews.com·15d agoShai-Hulud: Largest npm Supply-Chain Compromise Affecting CrowdStrike and Hundreds of Packages
We are tracking the largest and most dangerous npm supply-chain compromise in history, known as the Shai-Hulud malware campaign, which has n
AI-Generated npm Package Leaks Its Own GitHub Token, Exposing Malware Operator
Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all
Microsoft uncovers npm supply chain attack stealing cloud and CI/CD credentials via typosquatted packages
The Mini Shai-Hulud campaign used malicious npm packages to target cloud and CI/CD credentials across developer environments. This report de

Comments
Sign in to join the conversation.
No comments yet. Be the first.