Malicious @velora-dex/sdk Delivers Go RAT via npm
Version 9.4.1 of @velora-dex/sdk, a DeFi SDK with ~2,000 weekly downloads, was compromised to deliver a Go-based remote access trojan (minirat) targeting macOS developers.
Read the full articleYou might also wanna read
axios npm Package Compromised: Versions 1.14.1 and 0.30.4 Contain RAT Malware
TL;DR On March 30–31, 2026, axios versions 1.14.1 and 0.30.4 were compromised on npm with...
cstu.io·27d agoSupply Chain Attack Wave Targets npm Packages and Go Ecosystem via Mini Shai-Hulud Malware Family
Socket Threat Research is tracking a new supply chain attack wave tied to the Mini Shai-Hulud, Miasma, and Hades malware family, affecting L
hendryadrian.com·15d ago
Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT
Meta description: Malicious versions of the Axios npm package (1.14.1 and 0.30.4) were published via a compromised maintainer account, injec
Compromised axios npm package delivers cross-platform RAT
An attacker hijacked an axios maintainer's npm account to publish malicious releases that deliver a cross-platform RAT.

Compromised Injective SDK sends wallet keys through fake telemetry
A malicious update to an Injective developer package has exposed private keys and seed phrases after being downloaded more than 300 times, S
Network of 200 GitHub Repositories Used for Malware Infection
A threat actor has created a network of over 200 GitHub repositories that distribute Windows malware via a malicious Go module. This module

Comments
Sign in to join the conversation.
No comments yet. Be the first.