Miasma Malware Targets npm Packages and GitHub Actions
26. June 2026 | Cybersecurity
The Miasma malware family compromises npm packages and GitHub Actions as new supply chain attack vectors.

Microsoft Attributes Mastra AI Supply Chain Attack to North Korean Hackers
20. June 2026 | Cybersecurity
More than 140 npm packages in Mastra AI were compromised by North Korean hacker group Sapphire Sleet, exploiting supply chains as an attack surface.

GitHub Disables npm Installation Scripts by Default Against Supply Chain Attacks
11. June 2026 | Claude Code, Cybersecurity
npm 12 disables install scripts by default to make it harder to exploit lifecycle hooks for supply chain attacks.

GitHub Disables Automatic Script Execution in npm Starting with Version 12
11. June 2026 | Claude Code, Cybersecurity
npm blocks automatic package installation scripts by default starting with version 12, a practice that competitors like Yarn, pnpm, and Bun had already established.

GitHub Announces Security Measures for npm v12 Against Supply-Chain Attacks
10. June 2026 | Cybersecurity
npm v12 introduces security measures to prevent automated attack vectors during package installation.

npm v12: Installation Scripts of Dependencies Require Explicit Approval from 2026
10. June 2026 | Cybersecurity, Regulation
npm v12 disables installation scripts of dependencies by default, thereby closing an attack surface for supply-chain attacks.

Rust-Based Malware IronWorm Targets NPM Dependency Chain
5. June 2026 | Cybersecurity
Rust-written malware compromises NPM packages, steals developer credentials, and leverages them to spread through the software supply chain.

IronWorm Malware Compromises 36 npm Packages in Supply-Chain Attack
4. June 2026 | Claude Code, Cybersecurity
A coordinated supply-chain attack has infected 36 npm packages with infostealer malware, directly threatening developers and their customers.