Tens of Thousands of Malicious NPM Packages Distribute Self-Replicating Worm

Related breach coverage

• Amazon Detects 150,000 NPM Packages in Worm-Powered Campaign 
  2025-11-14

  A financially motivated threat actor automated the package publishing process in a coordinated tea.xyz token farming campaign. The post Amazon Detects 150,000 NPM Packages in Worm-Powered Campaign  appeared first on SecurityWeek.

• Google Warns of New Campaign Targeting BPOs to Steal Corporate Data
  2026-04-09

  Tracked as UNC6783, the threat actor is likely linked to Mr. Raccoon, the hacker behind the alleged theft of Adobe data from a BPO. The post Google Warns of New Campaign Targeting BPOs to Steal Corporate Data appeared first on SecurityWeek.

• Cloned AI Tool Sites Distribute Malware in ‘InstallFix’ Campaign
  2026-03-09

  Threat actors replace legitimate commands on the cloned installation webpages with malicious commands. The post Cloned AI Tool Sites Distribute Malware in ‘InstallFix’ Campaign appeared first on SecurityWeek.

• 640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack
  2025-11-25

  The new self-replicating worm iteration has destructive capabilities, erasing home directory contents if it cannot spread to more repositories. The post 640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack appeared first on SecurityWeek.