MAL-2026-10044: Malicious code in chai-as-serialized (npm)
The npm package chai-as-serialized version 7.0.8 contains malicious code that executes arbitrary code from a remote host. It impersonates a legitimate package to lure users into installing it. Upon…
Read the full articleYou might also wanna read
Popular npm packages debug and chalk compromised with crypto-intercepting malware
The popular packages debug and chalk on npm have been compromised with malicious code
aikido.dev·10mo agoTyposquatted npm Package Delivers Windows RAT with Encrypted C2 and Registry Persistence
A newly discovered malware campaign is targeting Windows systems through a deceptive package on the npm registry. Disguised as a legitimate
cybersecuritynews.com·15d agoSecurity Alert: Malicious Nx Packages Published to npm Containing Credential-Stealing Code
## Summary Malicious versions of the [`nx` package]( as well as some supporting plugin packages, were published to npm, containing code that
GitLab Identifies Large-Scale npm Supply Chain Attack with Destructive Malware
Malware driving attack includes "dead man's switch" that can harm user data.
AI-Generated npm Package Leaks Its Own GitHub Token, Exposing Malware Operator
Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator

Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT
Meta description: Malicious versions of the Axios npm package (1.14.1 and 0.30.4) were published via a compromised maintainer account, injec

Comments
Sign in to join the conversation.
No comments yet. Be the first.