RoshniNaveenaS's account hit by network compromise
Incident
Summary
The RoshniNaveenaS account was compromised, enabling attackers to publish malicious @cap-js releases without provenance and putting downstream npm consumers at risk. The abuse used a modified workflow on a non-main branch and an extracted npm OIDC token to push poisoned packages through trusted publishing infrastructure. The incident matters because legitimate package-release mechanisms were turned into a supply-chain delivery path.
Related Happenings
Laravel Lang organization hit by network compromise
Incident
First: 23.05.2026 23:48
Last: 23.05.2026 23:48
Sources 1
About this happening:
The **Laravel Lang organization** suffered a **repository compromise** that let attackers rewrite **GitHub tags** and ship malicious code through **Composer** installs. The affect...
Packagist package.json hook supply chain attack campaign
Campaign
First: 23.05.2026 19:07
Last: 23.05.2026 19:07
Sources 1
About this happening:
A **coordinated supply chain attack campaign** compromised **eight Packagist packages**, creating repeat execution risk for projects that install the affected versions. The malici...
Shai-Hulud worm clone activity on NPM
Malware Activity
First: 18.05.2026 12:45
Last: 18.05.2026 12:45
Sources 1
About this happening:
The **Shai-Hulud** malware activity has continued to evolve across the **npm supply chain** and related developer ecosystems. It first infected **npm packages** in **September 202...
Inactive maintainer account 'atiertant' hit by network compromise
Incident
First: 15.05.2026 20:10
Last: 15.05.2026 20:10
Sources 1
About this happening:
The **inactive maintainer account 'atiertant'** for **node-ipc** was **compromised**, enabling malicious package releases that could steal credentials from downstream installation...
TanStack hit by network compromise
Incident
First: 12.05.2026 17:45
Last: 12.05.2026 17:45
Sources 1
About this happening:
**TanStack** was hit by a **package compromise** on **May 11, 2026**, when attackers published **84 malicious versions** across **42 @tanstack/* packages** and abused the release...
Latest development: 21.05.2026 11:00
On May 17, 2026, Grafana Labs said an unauthorized attacker had downloaded its codebase after accessing the firm's GitHub environment, and the company later said additional internal operational information and business contact names and email addresses were taken from its GitHub repositories; Grafana Labs said there was no indication that customer production systems or the Grafana Cloud platform were compromised.
Timeline
29.04.2026 19:26 · 2 articles
RoshniNaveenaS's account hit by network compromise
Initial Disclosure: On **April 29, 2026**, attackers compromised the **RoshniNaveenaS** account for the **@cap-js** packages and used a modified workflow to obtain publishing capability. The first phase ended when the malicious packages were published **without provenance** through an extracted **npm OIDC token**.
Sources:
- SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack — thehackernews.com — 29.04.2026 19:26