> EssentialInfoSec
Home / Feb 24, 2026 / Story
0
#9 The Hacker News general February 23, 2026 at 10:20 UTC

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

By [email protected] (The Hacker News)

AI Summary

Socket discovered the SANDWORM_MODE supply chain campaign using at least 19 malicious npm packages to harvest cryptocurrency keys, CI secrets, and API tokens in a Shai-Hulud-like worm attack. The active campaign targets developers' credentials and cryptocurrency wallets through compromised JavaScript packages.

Read full article → https://thehackernews.com/2026/02/malicious-npm-pa…

Relevance score: 73.0/100

# More from February 24

  1. 1
    600+ FortiGate Devices Hacked by AI-Armed Amateur Dark Reading
  2. 2
    Android mental health apps with 14.7M installs filled with security flaws BleepingComputer
  3. 3
    APT28 Targeted European Entities Using Webhook-Based Macro Malware The Hacker News
  4. 4
    Iran's MuddyWater Targets Orgs With Fresh Malware as Tensions Mount Dark Reading
  5. 5
    CISA: Recently patched RoundCube flaws now exploited in attacks BleepingComputer
  6. 6
    Spitting Cash: ATM Jackpotting Attacks Surged in 2025 Dark Reading
  7. 7
    Mississippi Hospital System Closes All Clinics After Ransomware Attack SecurityWeek
  8. 8
    US Healthcare Diagnostic Firm Says 140,000 Affected by Data Breach SecurityWeek
  9. 10
    Romanian Hacker Pleads Guilty to Selling Access to US State Network SecurityWeek