SANDWORM_MODE malicious npm supply-chain worm campaign
Campaign
Summary
Hide ▲
Show ▼
An active SANDWORM_MODE supply-chain campaign is using at least 19 malicious npm packages to steal credentials and cryptocurrency keys from developer environments. The packages spread by abusing stolen npm and GitHub identities, turning package installs into a propagation channel. The payload adds GitHub API exfiltration, MCP server injection, and SSH propagation fallback, increasing the chance of follow-on compromise. The activity matters because it combines supply-chain infection, secret theft, and self-propagation in one developer-facing operation.
Related Happenings
GitHub npm version 12 hardens installs and token management
Security Tool/Service
H score11
First: 09.07.2026 19:49
Last: 09.07.2026 19:49
Sources 1
About this happening:
**GitHub** released **npm version 12**, making install-time scripts opt-in by default and tightening **package publishing** controls to reduce **supply-chain risk**. The update al...
GitHub npm version 12 hardens installs and token management
Security Tool/ServiceAbout this happening: **GitHub** released **npm version 12**, making install-time scripts opt-in by default and tightening **package publishing** controls to reduce **supply-chain risk**. The update al...
GitHub npm GAT publish-token mitigation guidance
Advisory/Mitigation
H score25
First: 09.07.2026 19:49
Last: 09.07.2026 19:49
Sources 1
About this happening:
GitHub is steering **npm users** away from **long-lived publish tokens** as **npm GATs** that bypass **2FA** lose direct publishing and sensitive-management abilities. The recomme...
GitHub npm GAT publish-token mitigation guidance
Advisory/MitigationAbout this happening: GitHub is steering **npm users** away from **long-lived publish tokens** as **npm GATs** that bypass **2FA** lose direct publishing and sensitive-management abilities. The recomme...
GitHub Agentic Workflows indirect prompt injection security flaw
Vulnerability
H score27
First: 07.07.2026 17:04
Last: 07.07.2026 17:04
Sources 1
About this happening:
**GitHub Agentic Workflows** has an **indirect prompt injection** flaw that can let a **public issue** leak content from **private repositories** into public comments. The risk is...
GitHub Agentic Workflows indirect prompt injection security flaw
VulnerabilityAbout this happening: **GitHub Agentic Workflows** has an **indirect prompt injection** flaw that can let a **public issue** leak content from **private repositories** into public comments. The risk is...
Hijacked npm and Go packages deploying Python infostealer via VS Code auto-run tasks
Malware Activity
H score30
First: 29.06.2026 08:36
Last: 29.06.2026 08:36
Sources 1
About this happening:
Hijacked **npm** and **Go** packages now deliver a **Python infostealer** through a hidden **VS Code auto-run task**, putting developer machines and credentials at risk across **W...
Hijacked npm and Go packages deploying Python infostealer via VS Code auto-run tasks
Malware ActivityAbout this happening: Hijacked **npm** and **Go** packages now deliver a **Python infostealer** through a hidden **VS Code auto-run task**, putting developer machines and credentials at risk across **W...
Codfish/semantic-release-action hit by network compromise
Incident
H score21
First: 26.06.2026 14:05
Last: 26.06.2026 14:05
Sources 1
About this happening:
The **codfish/semantic-release-action** GitHub Action was hit by a **malicious commit force-push** and **tag redirection** that caused trusted workflows to run attacker code. The...
Codfish/semantic-release-action hit by network compromise
IncidentAbout this happening: The **codfish/semantic-release-action** GitHub Action was hit by a **malicious commit force-push** and **tag redirection** that caused trusted workflows to run attacker code. The...
Timeline
-
23.02.2026 12:20 2 articles · 4mo ago
SANDWORM_MODE supply-chain worm disclosure
Initial DisclosureSecurity researchers disclosed an active Shai-Hulud-like supply-chain worm campaign codenamed SANDWORM_MODE that used at least 19 malicious npm packages, published by the aliases official334 and javaorg, to harvest credentials, API tokens, and cryptocurrency keys from developer environments while propagating through stolen npm and GitHub identities and adding GitHub API exfiltration, hook-based persistence, SSH propagation fallback, and MCP server injection against AI coding assistants.
Show sources
- Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens — thehackernews.com — 23.02.2026 12:20
- Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens — thehackernews.com — 23.02.2026 12:20