Malware | Bleeping Computer
8.0 — CRITICAL
New IronWorm malware hits 36 packages in npm supply-chain attack
A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. [...]
🤖 AI Briefing: Auto-generated threat analysis
🔍 Threat Overview
A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with the IronWorm infostealer, which targets environment variables and credential files.
⚙️ Technical Details
Affected Systems
Node Package Manager (npm)
Attack Vectors
Supply-chain attack
Publishing on npm using stolen credentials
💥 Impact Assessment
Severity: high
Who Is at Risk
Developers and CI systems using the affected packages from the npm index
🛡️ Recommended Actions
1. Upgrade to fixed releases of affected packages
2. Rotate keys and enable two-factor authentication (2FA) for all accounts
3. Monitor for suspicious activity on npm and GitHub Actions
📦 Affected Products
npm packages with infostealer malware
This is a curated summary. The complete article is available at Bleeping Computer.
