IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

📅 5 June 2026 at 18:05 UTC📰 The Hacker NewsView original source ↗

Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust-based information stealer and a self-spreading worm, respectively. According to JFrog, the information stealer "scrapes every secret it can find on a developer's machine, hides behind an eBPF kernel rootkit, and

Read the full article

This is a curated summary. The complete article is available at The Hacker News.

Read on The Hacker News ↗

← Back to feed