Malicious npm Package Impersonating Java SLF4J
A malicious npm package impersonating the popular Java logging framework SLF4J is discovered by SafeDep Cloud malicious package scanning service.
Read the full articleYou might also wanna read
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all
Microsoft detects 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
And then Microsoft busted them all
Attacker publishes 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries
A single npm user published 14 malicious packages impersonating OpenSearch/Elasticsearch libraries to steal AWS, Vault, and CI/CD secrets.
176 malicious npm packages used dependency confusion to target internal dependencies and steal credentials
A 176-package npm malware campaign used dependency confusion and install-time scripts to steal credentials and compromise developer and CI/C
MAL-2026-10055: Malicious code in chain-chai-async (npm)
The npm package chain-chai-async version 1.3.5 impersonates the legitimate pino logging library by copying its source files and exporting a
Compromised Injective SDK npm Package Exfiltrates Wallet Keys and Mnemonics
A compromised version (1.20.21) of the Injective Labs TypeScript SDK npm package was published containing malicious code that exfiltrates cr
MAL-2026-10077: Malicious code in type-slint (npm)
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (1b5cd26e040f4f4366ed65cca4b70258d276f781e0aab76b99b

Comments
Sign in to join the conversation.
No comments yet. Be the first.