Ghost 3.24.0–6.19.0 Content API SQLi leaked Admin API keys and injected ClickFix loaders into posts. Patch to 6.19.1+, rotate keys, and grep post bodies.
Chainguard has blocked 52,000+ npm packages as malware or greyware, scanning 100,000+ a day, catching README-honest credential CLIs that release-age gates and npm v12 miss.
On June 17, 2026 Mastra's @mastra/* packages were re-published with an added easy-day-js dependency whose postinstall runs a RAT at install. Counts: 116 official vs 143–144 external.
GitHub disabled 73 Microsoft repos after an Azure/durabletask commit. Miasma used Claude Code, Gemini CLI, Cursor, and VS Code config, not npm install.
TrapDoor planted 34 packages across npm, PyPI and Crates.io to steal Solana/Sui/Aptos wallet keys. Each registry fires differently: postinstall, import-time, and Rust build.rs.
CVE-2026-5426 zero-day: KnowledgeDeliver's shared ASP.NET machineKey → ViewState RCE → Godzilla in memory → Cobalt Strike via JS tampering. Hunting starts at Event ID 1316.
The May 19 Mini Shai-Hulud wave compromised 314 npm packages under @antv via the `atool` maintainer account. After rolling back lockfiles, payload entry points stay behind in .claude/settings.json SessionStart hooks, .vscode/tasks.json folderOpen tasks, systemd user services, and .github/workflows/codeql.yml. Includes concrete IoCs and the gh-token-monitor wipe ordering to follow before rotating credentials.
SANS ISC (2026-04-30): a fake Homebrew Google sponsored ad drops MacSync Stealer through a 225-byte zsh that fans out into 1,448- and 2,647-byte stages, fakes a 'System Preferences' osascript dialog, and ships Keychain, browser data, crypto wallets, and `.ssh` to glowmedaesthetics[.]com over plain HTTP. IoCs, detection points, and MITRE ATT&CK mapping included.
May 12: TeamPCP open-sourced the Shai-Hulud worm on GitHub. Datadog mapped its module pipeline (Loader/Provider/Collector/Dispatcher/Sender/Mutator) and its Claude Code SessionStart hook for persistence. May 15: BreachForums opened a paid attack challenge. Includes detection notes for the copycat wave.
Malicious node-ipc 9.1.6/9.2.3/12.0.1 fire on require(), not postinstall. 12.0.1 is SHA-256 gated (targeted), so an app that still runs normally is no proof it is clean. Exfiltrates dev/CI secrets via DNS TXT.
In its April 23 update, Vercel disclosed customer accounts compromised prior to and independently of the Context.ai incident. Covering the Lumma Stealer infection path, the ShinyHunters $2M BreachForums listing, and what non-sensitive environment variables actually mean.