144 Mastra npm Packages Compromised via Hijacked Contributor Account
As many as 144 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and TypeScript framework for...
Malware Found in Laravel-Lang Composer Packages After Git Tag Poisoning Attack Pierluigi Paganini May 26, 2026 Attackers have poisoned four...
Ravie Lakshmanan May 07, 2026 Malware / Threat Intelligence Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository...
The post Malicious PyTorch Lightning Packages Found on PyPI appeared first on 2024 Sonatype Blog. TL;DR Two malicious versions of...
Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating...
Ravie Lakshmanan Apr 05, 2026 Malware / DevSecOps Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised...
The TeamPCP supply chain attack compromised LiteLLM packages 1.82.7 and 1.82.8, stealing SSH keys, cloud credentials, API tokens, and...
Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive...
How many packages has your business lost during shipping? If you don’t have shipping insurance, any...
Sonatype Security Research has identified two hijacked npm packages in the React Native ecosystem that receive more than 30,000...
Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign Pierluigi Paganini February 15, 2026 Researchers found malicious...
Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked...
Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index...
MoltBot Skills exploited to distribute 400+ malware packages in days Pierluigi Paganini February 02, 2026 Over 400 malicious OpenClaw packages...