WARPTECHNEWS · LAB

Home AI Business Tech Archive

WARPTECH LAB NEWS

Warptech Lab News aggrega le notizie più rilevanti da oltre 700 fonti internazionali, con classificazione AI, TL;DR sintetici e timeline cluster su singole storie.

Navigazione

Home
Archivio
Editor's Brief
Cerca
Il tuo account
Newsletter tech/AI

Informazioni legali

Privacy Policy
Termini di servizio
Cookie Policy

© 2026 Sparktech S.R.L. — Tutti i diritti riservati. Sito gestito e manutenuto da Sparktech S.R.L.

Sede legale: Corso Libertà 55, 13100 Vercelli (VC), Italia · P.IVA / C.F. 02835910023 · Contatti: admin@warptechlab.com

thehackernews.com

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.

martedì 23 giugno 2026 New tab

816 words~4 min read

Ravie LakshmananJun 23, 2026Supply Chain Attack / Developer Security

Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan (RAT).

The list of identified packages, is below -

aes-decode-runner-pro (145 downloads)

postcss-minify-selector (256 downloads)

Other newsrooms on this story

· 1 sources

Full timeline →

dev.to·Jun 21, 2026 · 4 g fa
North Korean Hackers Poisoned 140+ npm Packages in an AI Dev Tooling Attack. Here's What Would Have Caught It.

Related reading

thehackernews.com

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

4 malicious npm packages with 3,006 downloads spread stealers and Phantom Bot, forcing removals and secret rotation.

thehackernews.com·1 mesi fa

news.bitcoin.com

822K Downloads at Risk: Malicious node-ipc Versions Spotted Stealing AWS and…

Slowmist confirmed three malicious node-ipc npm versions on May 14, 2026, stealing AWS keys, SSH secrets, and .env files via DNS…

news.bitcoin.com·1 mesi fa

thehackernews.com

144 Mastra npm Packages Compromised via Hijacked Contributor Account

144 Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

thehackernews.com·8 g fa

theregister.com

Cache-poisoning caper turns TanStack npm packages toxic

Six-minute supply chain blitz pushed 84 malicious versions with credential theft and disk-wiping code

theregister.com·1 mesi fa

thehackernews.com

IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks

Multiple npm supply chain attacks used 50+ poisoned packages to spread IronWorm, a Rust-based stealer, and a Miasma worm variant.

thehackernews.com·19 g fa

theregister.com

Shai-Hulud keeps burrowing: 314 npm packages infected after another account…

Popular JavaScript modules including size-sensor and echarts-for-react hit as hijacked account closed GitHub warnings

theregister.com·1 mesi fa