π¨ [New supply chain attack declared]: @jacobtan/decode-sdk
The npm package @jacobtan/decode-sdk contained malware that could fully compromise any system where it was installed or executed. Systems with this package should be considered fully compromised and all secrets and keys rotated from a different computer.
Impact: Any system with the package installed or running
β Immediately remove the @jacobtan/decode-sdk package from all systems
Full details π
https://t.co/puyQ4QNGQE
#supplychain #SupplyChainSecurity #infosec #CyberSecurity #npm #jacobtandecodesdk #ThreatIntel #OpenSource
π¨ [New supply chain attack declared]: @antoncarlos1/nodelamp
Malware was distributed via the npm package @antoncarlos1/nodelamp, resulting in full system compromise of affected installations. The package has been identified and removed from distribution.
Impact: Any system with the package installed or running
β Remove the @antoncarlos1/nodelamp package immediately from all systems
Full details π
https://t.co/sGggikjSDh
#supplychain #SupplyChainSecurity #infosec #CyberSecurity #npm #antoncarlos1nodelamp #ThreatIntel #OpenSource
π¨ [New supply chain attack declared]: ts-node-utils
The npm package ts-node-utils was found to contain malware, resulting in full system compromise of any computer with the package installed or running. GitHub Security Advisory GHSA-mjvg-2r5j-mg76 was published on 2026-07-03.
Impact: Any system with ts-node-utils installed or executed
β Immediately rotate all secrets and keys from a different, uncompromised computer
Full details π
https://t.co/BV8wgQGEf5
#supplychain #SupplyChainSecurity #infosec #CyberSecurity #npm #tsnodeutils #ThreatIntel #OpenSource
π¨ [New supply chain attack declared]: @node-cloud/create
Malware was discovered in the npm package @node-cloud/create. Systems with this package installed or running should be considered fully compromised and require immediate remediation.
Impact: Any system with the package installed or running
β Immediately isolate any system with @node-cloud/create installed from the network
Full details π
https://t.co/kLyjFkgKJY
#supplychain #SupplyChainSecurity #infosec #CyberSecurity #npm #nodecloudcreate #ThreatIntel #OpenSource
π¨ [New supply chain attack declared]: @sql-trigger/nodesql
Malware discovered in the npm package @sql-trigger/nodesql. Systems with this package installed are considered fully compromised, with potential for complete system takeover.
Impact: Any system with the package installed or running
β Immediately remove the @sql-trigger/nodesql package from all systems
Full details π
https://t.co/uJLqi7XGfN
#supplychain #SupplyChainSecurity #infosec #CyberSecurity #npm #sqltriggernodesql #ThreatIntel #OpenSource
π¨ [New supply chain attack declared]: autotel-mcp
The npm package autotel-mcp contains malware that grants full system compromise to attackers. Any computer with this package installed or running should be considered fully compromised and all secrets and keys rotated immediately from a different machine.
Impact: Any system with autotel-mcp installed or running
β Immediately isolate any computer with autotel-mcp installed or running from the network
Full details π
https://t.co/CyQhWZUlcB
#supplychain #SupplyChainSecurity #infosec #CyberSecurity #npm #autotelmcp #ThreatIntel #OpenSource
π¨ [New supply chain attack declared]: vitest-agent
Malware was discovered in the npm package vitest-agent. Systems with this package installed or running are considered fully compromised and require immediate remediation.
Impact: Any system with vitest-agent installed or running
β Immediately rotate all secrets and keys from a different, uncompromised computer
Full details π
https://t.co/fIcmfel0AC
#supplychain #SupplyChainSecurity #infosec #CyberSecurity #npm #vitestagent #ThreatIntel #OpenSource
π¨ [New supply chain attack declared]: autotel-mcp-instrumentation
Malware was discovered in the npm package autotel-mcp-instrumentation. Any computer with this package installed or running should be considered fully compromised. All secrets and keys must be rotated immediately from a different computer.
Impact: Any system with the package installed or running
β Immediately remove the autotel-mcp-instrumentation package from all systems
Full details π
https://t.co/i36HuSYXaj
#supplychain #SupplyChainSecurity #infosec #CyberSecurity #npm #autotelmcpinstrumentation #ThreatIntel #OpenSource
π¨ [New supply chain attack declared]: autotel-drizzle
Malware discovered in the npm package autotel-drizzle. Any computer with this package installed or running should be considered fully compromised. All secrets and keys must be rotated immediately from a different computer.
Impact: Any system with the package installed or running
β Immediately remove the autotel-drizzle package from all systems
Full details π
https://t.co/H4ryYRUGrd
#supplychain #SupplyChainSecurity #infosec #CyberSecurity #npm #autoteldrizzle #ThreatIntel #OpenSource
π¨ [New supply chain attack declared]: autotel-vitest
Malware was discovered in the npm package autotel-vitest. Any computer with this package installed or running should be considered fully compromised, with all secrets and keys requiring immediate rotation from a different system.
Impact: Any system with the package installed or running
β Immediately rotate all secrets, keys, and credentials from a different, uncompromised computer
Full details π
https://t.co/jmUwPxrxiw
#supplychain #SupplyChainSecurity #infosec #CyberSecurity #npm #autotelvitest #ThreatIntel #OpenSource
π¨ [New supply chain attack declared]: autotel-tanstack
Malware was discovered in the npm package autotel-tanstack. Any computer with this package installed or running should be considered fully compromised, with all secrets and keys requiring immediate rotation from a different system.
Impact: Any system with the package installed or running
β Immediately rotate all secrets and keys from a different, uncompromised computer
Full details π
https://t.co/P4h2Rx49gv
#supplychain #SupplyChainSecurity #infosec #CyberSecurity #npm #autoteltanstack #ThreatIntel #OpenSource
π¨ [New supply chain attack declared]: autotel-web
The npm package autotel-web was found to contain malware, resulting in full system compromise of any computer with the package installed or running. All secrets and keys should be rotated immediately from a different computer.
Impact: Any system with autotel-web installed or running
β Immediately rotate all secrets, API keys, and credentials from a different, uncompromised computer
Full details π
https://t.co/Et6b7ZwJz2
#supplychain #SupplyChainSecurity #infosec #CyberSecurity #npm #autotelweb #ThreatIntel #OpenSource
π¨ [New supply chain attack declared]: gx-npm-lib
Malware discovered in the npm package gx-npm-lib. Any computer with this package installed or running should be considered fully compromised.
Impact: Any system with the package installed or running
β Immediately rotate all secrets and keys from a different, uncompromised computer
Full details π
https://t.co/xCUBPNWAtD
#supplychain #SupplyChainSecurity #infosec #CyberSecurity #npm #gxnpmlib #ThreatIntel #OpenSource
π¨ [New supply chain attack declared]: @epsteinlovekids483/crossmint-wallets-sdk-pentest
Malware was distributed via the npm package @epsteinlovekids483/crossmint-wallets-sdk-pentest. Systems with this package installed are considered fully compromised and require immediate remediation.
Impact: Any system with the package installed or running
β Immediately remove the @epsteinlovekids483/crossmint-wallets-sdk-pentest package from all systems
Full details π
https://t.co/BuM9J8aEAF
#supplychain #SupplyChainSecurity #infosec #CyberSecurity #npm #epsteinlovekids483crossmintwalletssdkpentest #ThreatIntel #OpenSource
π¨ [New supply chain attack declared]: polymarket-clob-math
Malware was discovered in the npm package polymarket-clob-math. Systems with this package installed or running should be considered fully compromised, with all secrets and keys requiring immediate rotation from a different computer.
Impact: Any system with the package installed or running
β Immediately rotate all secrets and keys from a different, uncompromised computer
Full details π
https://t.co/pzly4VVjrH
#supplychain #SupplyChainSecurity #infosec #CyberSecurity #npm #polymarketclobmath #ThreatIntel #OpenSource
π¨ [New supply chain attack declared]: ts-einkle
Malware discovered in the npm package ts-einkle. Systems with this package installed are considered fully compromised and require immediate remediation.
Impact: Any system with ts-einkle installed or running
β Immediately isolate affected systems from the network
Full details π
https://t.co/zo3ws79oaz
#supplychain #SupplyChainSecurity #infosec #CyberSecurity #npm #tseinkle #ThreatIntel #OpenSource
π¨ [New supply chain attack declared]: crossmint-wallets-sdk
Malware was discovered in the npm package crossmint-wallets-sdk, resulting in full system compromise of any computer with the package installed or running. All secrets and keys on affected systems should be rotated immediately from a different computer.
Impact: Any system with the package installed or running
β Immediately rotate all secrets and keys from a different, uncompromised computer
Full details π
https://t.co/BOTjUltrM7
#supplychain #SupplyChainSecurity #infosec #CyberSecurity #npm #crossmintwalletssdk #ThreatIntel #OpenSource
π¨ [New supply chain attack declared]: local-ip-helper
The npm package local-ip-helper was found to contain malware, resulting in full system compromise of any computer with the package installed or running. All affected systems should be considered fully compromised and all secrets and keys rotated from a different computer.
Impact: Any system with the package installed or running
β Immediately remove the local-ip-helper package from all affected systems
Full details π
https://t.co/PAGWhuWXIS
#supplychain #SupplyChainSecurity #infosec #CyberSecurity #npm #localiphelper #ThreatIntel #OpenSource