MAL-2026-10049: Malicious code in chai-await-dom (npm)
The npm package chai-await-dom version 1.3.7 is a malicious package impersonating a pino-style logger API. Its middleware spawns a detached Node.js child process that downloads and executes a remote…
Read the full articleYou might also wanna read
Popular npm packages debug and chalk compromised with crypto-intercepting malware
The popular packages debug and chalk on npm have been compromised with malicious code
aikido.dev·10mo agoAI-Generated npm Package Leaks Its Own GitHub Token, Exposing Malware Operator
Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator
Malicious npm package "Codex" stole developer credentials for a month before detection
The npm package had an active GitHub repository and about 29,000 weekly downloads while providing a remote web UI for OpenAI Codex. For abou
North Korean Chollima Group Targets PHP Developers via Malicious Packagist Package
Security researchers discovered obfuscated JavaScript hidden inside a Packagist development version of the legitimate Laravel package
cyberpress.org·1mo agoMicrosoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all
Typosquatted npm Package Delivers Windows RAT with Encrypted C2 and Registry Persistence
A newly discovered malware campaign is targeting Windows systems through a deceptive package on the npm registry. Disguised as a legitimate
cybersecuritynews.com·15d ago
Comments
Sign in to join the conversation.
No comments yet. Be the first.