New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM
The malicious code propagates like a worm, poisons AI assistants, exfiltrates secrets, and contains a destructive dead switch. The post New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM appeared first on SecurityWeek.
Security researchers have uncovered a new supply chain attack targeting the NPM registry with malicious code that exhibits worm-like propagation capabilities.
Dubbed Sandworm_Mode, the attack was deployed through 19 packages published under two aliases, which relied on typosquatting to trick developers into executing the malicious code.
According to cybersecurity firm Socket, the attack bears the hallmarks of the Shai-Hulud campaign that hit roughly 800 NPM packages in September and November 2025.
Source: https://www.securityweek.com/new-sandworm_mode-supply-chain-attack-hits-npm/
Related breach coverage
- Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist2025-12-31
The worm exposed Trust Wallet’s Developer GitHub secrets, allowing attackers to publish a backdoor extension and steal funds from 2,520 wallets. The post Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist appeared first on SecurityWeek.
- 640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack2025-11-25
The new self-replicating worm iteration has destructive capabilities, erasing home directory contents if it cannot spread to more repositories. The post 640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack appeared first on SecurityWeek.
- Bitwarden NPM Package Hit in Supply Chain Attack2026-04-24
Tied to a fresh Checkmarx supply chain attack claimed by TeamPCP, the incident references the Shai-Hulud worm. The post Bitwarden NPM Package Hit in Supply Chain Attack appeared first on SecurityWeek.
- OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack2026-04-13
The AI giant is taking action after determining that a macOS code signing certificate may have been compromised. The post OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack appeared first on SecurityWeek.