June 4, 2026 Malware-Slop 2: Malicious npm Package Leaks Its Own Bot’s Telegram Private Token Moshe Siman Tov Bustan, Nir Zadok
June 4, 2026 600,000 Monthly Downloads Affected: Miasma Supply Chain Attack Is Back on npm Moshe Siman Tov Bustan, Nir Zadok
June 2, 2026 Six Stages Deep and an Endless Loop: Shai-Hulud Is Getting Sophisticated Moshe Siman Tov Bustan, Nir Zadok
June 1, 2026 New Shai-Hulud hits npm: @redhat-cloud-services Compromised Moshe Siman Tov Bustan, Nir Zadok
May 27, 2026 Malware-Slop: New Malicious npm Package Leaks Its Own GitHub Private Token Moshe Siman Tov Bustan, Nir Zadok
May 21, 2026 Megalodon: New CI/CD Malware Spreads Across GitHub, Infecting ~5,000+ Repositories Moshe Siman Tov Bustan
May 20, 2026 North Korean-Linked Threat Actor Targets Developers with New npm Infostealer RAT Moshe Siman Tov Bustan, Nir Zadok
May 19, 2026 The @antv Ecosystem Was Compromised with Shai-Hulud Malware, 300+ Packages Affected Moshe Siman Tov Bustan, Nir Zadok
