MAL-2026-10075: Malicious code in testudo-pack (npm)
The testudo-pack npm package version 1.0.0 contains malicious code that executes during installation and runtime. It downloads and runs an unverified binary from a suspicious external host, using…
Read the full articleYou might also wanna read
Security Alert: Malicious Nx Packages Published to npm Containing Credential-Stealing Code
## Summary Malicious versions of the [`nx` package]( as well as some supporting plugin packages, were published to npm, containing code that
Popular npm packages debug and chalk compromised with crypto-intercepting malware
The popular packages debug and chalk on npm have been compromised with malicious code
aikido.dev·10mo agoAI-Generated npm Package Leaks Its Own GitHub Token, Exposing Malware Operator
Sloppy AI-generated npm infostealer leaked its own GitHub token, exposing the operator
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all

Malicious code found in npm package event-stream downloaded 8 million times in the past 2.5 months
An overview of how the malicious flatmap-stream npm package operates, and remediation steps to follow if you've been affected.

Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT
Meta description: Malicious versions of the Axios npm package (1.14.1 and 0.30.4) were published via a compromised maintainer account, injec

Comments
Sign in to join the conversation.
No comments yet. Be the first.