ShadowFeed Weekly #1: IronWorm npm Attack, $36M Humanity Protocol Hack, Microsoft Repos Compromised

ShadowFeed Weekly #1 | Web3 Security Intelligence June 5 — June 11, 2026 ShadowFeed is a...

giovedì 11 giugno 2026 New tab

578 words~3 min read

ShadowFeed Weekly #1 | Web3 Security Intelligence

June 5 — June 11, 2026

ShadowFeed is a real-time Web3 security intelligence service for developers and security researchers. This weekly is the free edition. Pro ($29/mo) includes daily briefings, real-time alerts, and IOC data feeds.

1. IronWorm: One npm install Infected 57 Repositories

IronWorm deployed 36+ malicious npm packages targeting Web3 developers. After stealing 86 environment variables, it used exfiltrated GitHub Tokens to push backdoor commits across 57 repositories in 9 organizations — with commit messages disguised as "fix: resolve lint warnings", making them nearly impossible to detect in code review.

ShadowFeed Weekly #1: IronWorm npm Attack, $36M Humanity Protocol Hack, Microsoft Repos Compromised

ShadowFeed Weekly #1: IronWorm npm Attack, $36M Humanity Protocol Hack, Microsoft Repos Compromised

Other newsrooms on this story

Related reading

New IronWorm malware hits 36 packages in npm supply-chain attack

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More

Rust-Written IronWorm Hits NPM Supply Chain

Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a…

Shai-Hulud copycat worm infects yet another npm package

Other newsrooms on this story

Related reading

New IronWorm malware hits 36 packages in npm supply-chain attack

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More

Rust-Written IronWorm Hits NPM Supply Chain

Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a…

Shai-Hulud copycat worm infects yet another npm package