
#npm

10 articles

Between late April and mid-May 2026, ZCyberNews tracked 13 articles on the npm ecosystem, with eight rated critical and four high. The threat actors TeamPCP, CanisterSprawl, and mini Shai-Hulud were observed targeting software development, technology, AI, automation, and cloud services globally. Key vulnerabilities included CVE-2026-41650 and CVE-2026-44664, each carrying a CVSS score of 6.1. One medium-severity incident was also recorded during this period.

fast-xml-builder Flaw CVE-2026-44664 Enables XML Injection via (MEDIUM · Vulnerabilities)

CVE-2026-44664 (CVSS 6.1) in fast-xml-builder lets attackers break out of XML comments and inject arbitrary content via triple-dash sequences; fixed in version 1.1.6.

4 min read · CVE-2026-44664, CVE-2026-41650
OpenAI Breached in TanStack Supply Chain Attack (HIGH · Industry News)

OpenAI says two employees' devices were compromised in the TeamPCP Mini Shai-Hulud campaign, forcing rotation of code-signing certificates across macOS, Windows, iOS, and Android.

3 min read · TeamPCP
TeamPCP Hijacks TanStack CI/CD, Poisons 170+ NPM/PyPI Packages (CRITICAL · Threat Intel)

TeamPCP chained three GitHub Actions flaws to hijack TanStack's CI/CD, publishing 84 malicious artifacts across 42 packages.

4 min read · TeamPCP
Mini Shai-Hulud Attack Hijacks SAP, Lightning, Intercom Packages (CRITICAL · Malware)

Attackers compromised SAP, Lightning, and Intercom npm packages in a supply chain attack affecting 1,800 victims; the packages had 10M monthly downloads.

2 min read · Mini Shai-Hulud
SAP npm Packages Hijacked in Credential-Stealing Supply Chain Attack (CRITICAL · Malware)

Attackers compromised multiple SAP-related npm packages to deploy credential-stealing malware targeting SAP BTP and cloud application credentials. The campaign has been dubbed mini Shai-Hulud.

3 min read · mini Shai-Hulud
Axios npm Supply Chain Attack Delivers Cross-Platform RAT (CRITICAL · Malware)

Elastic Security Labs details a supply chain compromise of the axios npm package that deployed a unified RAT across platforms, impacting an unknown number of downstream…

2 min read
Bitwarden CLI Compromised in Checkmarx Supply Chain Attack (CRITICAL · Malware)

JFrog and Socket found malicious code in @bitwarden/[email protected] — the same campaign that hijacked Checkmarx npm packages.

3 min read
CanisterSprawl Worm Hijacks npm Packages, Steals Developer Tokens (HIGH · Malware)

The CanisterSprawl supply chain worm hijacks npm packages, uses stolen developer tokens to self-propagate, and exfiltrates data to an ICP canister, according to Socket and…

2 min read · CanisterSprawl
Bitwarden CLI npm Package Hijacked to Steal Developer Credentials (CRITICAL · Threat Intel)

Attackers published a malicious @bitwarden/cli npm package that steals credentials and spreads to other projects.

2 min read
CISA Warns Axios npm Package Compromised in Supply Chain Attack (CRITICAL · Threat Intel)

CISA alerts that the Axios npm package, with over 60 million weekly downloads, was compromised in a supply chain attack, injecting malicious code into downstream applications.

3 min read
