Tag: npm

Week in Malware: CISA Adds n8n to KEV, Iran-Linked Wiper Hits Medical Giant

CISA added an actively exploited n8n RCE vulnerability to its KEV catalog, mandating federal patches by March 25. Meanwhile, Iranian-linked Handala group deployed wiper malware against medical technology giant Stryker.

Mar 12, 2026BleepingComputer, Graham Cluley, Cisco Talos, Malwarebytes Labs, Bitdefender Labs

ransomwaresupply-chaincisa-kev

🇷🇺BlackCat

🇺🇸Google🇺🇸Meta Platforms

criticalVulnerabilities & Exploits

APT28 Exploits MSHTML Zero-Day; North Korean npm Campaign Evolves

Russian APT28 exploited CVE-2026-21513, an MSHTML zero-day vulnerability, before Microsoft's February patch. North Korean threat actors published 26 malicious npm packages using Pastebin for C2 infrastructure in their ongoing Contagious Interview campaign.

Mar 2, 2026The Hacker News, SANS ISC

apt28zero-daymshtml

🇷🇺APT28

mediumMalware & Threats

Supply Chain Worm Mimics Shai-Hulud Malware, Targets Developers Through npm and AI Tools

A new supply chain worm resembling the Shai-Hulud malware has been discovered spreading through malicious npm packages. The worm specifically targets developers using AI tools, representing a concerning evolution in supply chain attack techniques.

Feb 23, 2026Infosecurity Magazine

supply-chainnpmworm

mediumData Breaches & Incidents

Steganography Strikes: Malware Hidden in Images Targets Enterprise Systems

Three separate campaigns demonstrate advanced steganographic malware deployment: XWorm 7.2 in Excel files, Pulsar RAT in NPM packages, and critical password manager vulnerabilities.

Feb 23, 2026Hackread

steganographymalwaresupply-chain

highVulnerabilities & Exploits

Supply Chain Worms and State-Sponsored Malware: Weekend Threat Roundup

Active npm supply chain worm harvests crypto keys and CI secrets while Iranian APT MuddyWater deploys new malware targeting MENA organizations in coordinated campaign.

Feb 23, 2026The Hacker News, SANS ISC

supply-chainnpmmalware

🇮🇷MuddyWater🇷🇺Sandworm