All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

MAL-2026-10046: Malicious code in chai-as-smart (npm)

The npm package 'chai-as-smart' version 2.3.5 contains malicious code that executes upon requiring the package. It spawns a detached background process that decodes a base64-encoded URL and sends the…

Read the full article
3h agoen

You might also wanna read

AI-Generated npm Package Leaks Its Own GitHub Token, Exposing Malware Operator

Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator

infosecurity-magazine.com·1mo ago

GitLab Identifies Large-Scale npm Supply Chain Attack with Destructive Malware

Malware driving attack includes "dead man's switch" that can harm user data.

about.gitlab.com·7mo ago

Popular npm packages debug and chalk compromised with crypto-intercepting malware

The popular packages debug and chalk on npm have been compromised with malicious code

aikido.dev·10mo ago

Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries

And then Microsoft busted them all

theregister.com·1mo ago

Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries

And then Microsoft busted them all

theregister.com·1mo ago

Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account

A compromised npm maintainer account triggered an automated burst of over 300 malicious package versions across 323 packages in the AntV dat

Snyk·1mo ago

Major NPM Supply Chain Attack: @ctrl/tinycolor and 40+ Packages Compromised with Self-Propagating Malware

The popular @ctrl/tinycolor package with over 2 million weekly downloads has been compromised alongside 40+ other NPM packages in a sophisti

Step Security·9mo ago

Major NPM Supply Chain Attack: @ctrl/tinycolor and 40+ Packages Compromised with Self-Propagating Malware

The popular @ctrl/tinycolor package with over 2 million weekly downloads has been compromised alongside 40+ other NPM packages in a sophisti

stepsecurity.io·9mo ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.