Find notable cyber news and cases, enriched with sources, timelines, and signals.

Famous Chollima PromptMink supply-chain campaign targeting Web3 developers

Campaign
First reported
Last updated
Happening score
H score 44
1 unique sources, 1 articles

Summary

Hide ▲

The PromptMink campaign is widening Famous Chollima's supply-chain intrusion playbook by pushing tainted npm packages into developer environments and stealing secrets. The operation targets Web3 developers and can expose crypto wallets, funds, source code, and other intellectual property. Its layered dependency chain and AI-generated code make the malicious packages harder to detect and easier to swap when removed. The same activity has also spread into related PyPI and GitHub-hosted delivery paths.

Related Happenings

Malicious npm and PyPI payment SDK typosquat packages

Malware Activity
H score40 First: 09.07.2026 18:09 Last: 09.07.2026 18:09 Sources 1

About this happening: The **17 malicious npm and PyPI packages** targeted **Paysafe, Skrill, and Neteller SDKs** to steal **system information** and **developer secrets**, then send the data to an **Ng...

North Korean Contagious Interview PolinRider supply-chain campaign

Campaign
H score51 First: 04.07.2026 14:17 Last: 04.07.2026 14:17 Sources 1

About this happening: The **Contagious Interview / PolinRider** campaign is still active, with **108 unique packages and browser extensions** published across **npm, Packagist, Go, and Google Chrome**....

Rollup polyfill npm package malware activity for remote access and data theft

Malware Activity
H score16 First: 03.07.2026 19:07 Last: 03.07.2026 19:07 Sources 1

About this happening: **Malicious npm packages** disguised as **Rollup polyfill tooling** are now delivering **remote-access and data-theft payloads** to developer workstations and build machines. The...

Hijacked npm and Go packages deploying Python infostealer via VS Code auto-run tasks

Malware Activity
H score30 First: 29.06.2026 08:36 Last: 29.06.2026 08:36 Sources 1

About this happening: Hijacked **npm** and **Go** packages now deliver a **Python infostealer** through a hidden **VS Code auto-run task**, putting developer machines and credentials at risk across **W...

Mini Shai-Hulud / Miasma / Hades multi-ecosystem supply-chain malware activity

Malware Activity
H score36 First: 26.06.2026 14:05 Last: 26.06.2026 14:05 Sources 1

About this happening: The **Mini Shai-Hulud / Miasma / Hades** malware activity added **malicious npm releases**, **GitHub Actions workflow abuse**, and a related **Go module compromise**, increasing t...

Timeline

  1. 29.04.2026 17:43 2 articles · 2mo ago

    Famous Chollima PromptMink supply-chain campaign targeting Web3 developers

    Initial Disclosure

    The earliest PromptMink layer surfaced as a benign-looking **npm** SDK uploaded in **October 2025** that concealed secret-stealing behavior behind a dependency chain. That initial phase focused on compromising developer systems and harvesting credentials before later variants added broader exfiltration and backdoor capability.

    Show sources