MAL-2026-10067: Malicious code in polymarket-apis (npm)
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (cd77c8861490c0b5607b4029f8f9e51f12efb83a6696fc51b953b0a3cde1356b) The package impersonates the Polymarket…
Read the full articleYou might also wanna read
Major NPM Supply Chain Attack: Over 1,000 Packages Infected via Fake Bun Runtime
Over 1,000 NPM packages were infected using the same method as the previous attack, infecting with a fake Bun runtime. The attacker leverage
Glassworm Threat Actor Returns with Unicode-Based Supply Chain Attacks on GitHub, npm, and VS Code
The Glassworm supply chain attack is back. Researchers uncovered malware hidden in invisible Unicode characters across 150+ GitHub repositor
aikido.dev·3mo ago
Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT
Meta description: Malicious versions of the Axios npm package (1.14.1 and 0.30.4) were published via a compromised maintainer account, injec
Supply Chain Attacks on Open-Source Software: Case Study of Malicious Pull Request Attempts
Just in the last 7 days, we've seen LiteLLM and axios impacted by supply chain attacks. Recently, I was chatting with Bereket Engida, the cr

Visibly invisible malicious Node.js packages: When configuration niche meets invisible characters
A focus on attacks in the Node.js ecosystem via the yarn and npm package managers, examining how configuration abuse and hidden characters c
Security Alert: Malicious Nx Packages Published to npm Containing Credential-Stealing Code
## Summary Malicious versions of the [`nx` package]( as well as some supporting plugin packages, were published to npm, containing code that

Comments
Sign in to join the conversation.
No comments yet. Be the first.