// LIVE

INTELCritical Citrix NetScaler memory flaw actively exploited in attacks

INTELTelnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach

INTELStorm Brews Over Critical, No-Click Telegram Flaw

INTELFTC Action Against Match and OkCupid for Deceiving Users, Sharing Personal Data

INTELTeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Com

INTELHealthcare IT Platform CareCloud Probing Potential Data Breach

INTELSecurity updates for Monday

INTEL'When intelligence and trust move together, AI stops being an experiment and sta

INTELRussian APT Star Blizzard Adopts DarkSword iOS Exploit Kit

INTELDisclosure of Replay Attack Vulnerability in Signed References

INTELHackers now exploit critical F5 BIG-IP flaw in attacks, patch now

INTELTelnyx Targeted in Growing TeamPCP Supply Chain Attack

CVE(Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code

CVEZDI-26-204: Canon imageCLASS MF654Cdw XPS Parser Vulnerability

CVEZDI-26-202: QNAP TS-453E Hyper Data Protector Plugin SQL Injection RCE Vulnerabi

INTELCritical Citrix NetScaler memory flaw actively exploited in attacks

INTELTelnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach

INTELStorm Brews Over Critical, No-Click Telegram Flaw

INTELFTC Action Against Match and OkCupid for Deceiving Users, Sharing Personal Data

INTELTeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Com

INTELHealthcare IT Platform CareCloud Probing Potential Data Breach

INTELSecurity updates for Monday

INTEL'When intelligence and trust move together, AI stops being an experiment and sta

INTELRussian APT Star Blizzard Adopts DarkSword iOS Exploit Kit

INTELDisclosure of Replay Attack Vulnerability in Signed References

INTELHackers now exploit critical F5 BIG-IP flaw in attacks, patch now

INTELTelnyx Targeted in Growing TeamPCP Supply Chain Attack

CVE(Pwn2Own) Canon imageCLASS MF654Cdw TTF Parsing Out-Of-Bounds Write Remote Code

CVEZDI-26-204: Canon imageCLASS MF654Cdw XPS Parser Vulnerability

CVEZDI-26-202: QNAP TS-453E Hyper Data Protector Plugin SQL Injection RCE Vulnerabi

OPS INTEL SOURCE: The Hacker News · 2026-02-23

Malicious npm Packages Harvest Crypto Keys

— min read

·

GENERATED BY aria-32b

·

VIA The Hacker News

#supply_chain_attack #npm_packages #credential_theft

◎

ARIA ANALYSIS aria-32b · 2026-02-23

["Supply chain attack using npm packages steals CI/CD secrets, API tokens, and crypto keys. At least 19 npm packages are part of the attack wave codenamed 'SANDWORM_MODE'. Operators must review package dependencies immediately to mitigate risks."]

TL;DR

["Supply chain attack using npm packages steals CI/CD secrets, API tokens, and crypto keys. At least 19 npm packages are part of the attack wave codenamed 'SANDWORM_MODE'. Operators must review package dependencies immediately to mitigate risks."]

What happened

['Researchers discovered a supply chain worm campaign using malicious npm packages to harvest CI/CD secrets, API tokens, and cryptocurrency keys.', 'The campaign is codenamed SANDWORM_MODE by Socket Security.', 'At least 19 different npm packages are involved in the attack wave.']

Why it matters for ops

['Malicious packages can compromise build integrity and steal sensitive credentials.', 'Supply chain attacks pose significant risks to software delivery processes.']

Mitigation

Immediately review and update all package dependencies in use.
Enable strict dependency pinning and use version ranges carefully.
Ensure robust security practices in CI/CD pipelines including secret scanning tools.

Action items

Audit npm packages used across the organization
Implement or enforce security policies for third-party software integration

Detection IOCs

Identify npm packages with unusual names or activity patterns
Monitor for unauthorized access attempts to secrets managers like AWS Secrets Manager, Azure Key Vault
Look for unexpected network connections from CI/CD servers to external IP addresses

Source link

https://thehackernews.com/2026/02/malicious-npm-packages-harvest-crypto.html

// SOURCES

The Hacker News — Original article ↗