Find notable cyber news and cases, enriched with sources, timelines, and signals.

RoshniNaveenaS's account hit by network compromise

Incident
First reported
Last updated
Happening score
H score 18
1 unique sources, 1 articles

Summary

Hide ▲

The RoshniNaveenaS account was compromised, enabling attackers to publish malicious @cap-js releases without provenance and putting downstream npm consumers at risk. The abuse used a modified workflow on a non-main branch and an extracted npm OIDC token to push poisoned packages through trusted publishing infrastructure. The incident matters because legitimate package-release mechanisms were turned into a supply-chain delivery path.

Related Happenings

GitHub npm version 12 hardens installs and token management

Security Tool/Service
H score11 First: 09.07.2026 19:49 Last: 09.07.2026 19:49 Sources 1

About this happening: **GitHub** released **npm version 12**, making install-time scripts opt-in by default and tightening **package publishing** controls to reduce **supply-chain risk**. The update al...

GitHub npm GAT publish-token mitigation guidance

Advisory/Mitigation
H score25 First: 09.07.2026 19:49 Last: 09.07.2026 19:49 Sources 1

About this happening: GitHub is steering **npm users** away from **long-lived publish tokens** as **npm GATs** that bypass **2FA** lose direct publishing and sensitive-management abilities. The recomme...

Malicious npm and PyPI Paysafe, Skrill, and Neteller SDK packages delivering stealer malware

Malware Activity
H score37 First: 08.07.2026 22:54 Last: 08.07.2026 22:54 Sources 1

About this happening: Malicious **npm** and **PyPI** packages impersonating **Paysafe**, **Skrill**, and **Neteller** SDKs delivered **stealer malware** that siphoned secrets from developer environment...

Sapphire Sleet Mastra npm supply-chain campaign

Campaign
H score42 First: 20.06.2026 17:09 Last: 20.06.2026 17:09 Sources 1

About this happening: The **Mastra AI** supply-chain campaign was attributed to **Sapphire Sleet / BlueNoroff** after **Microsoft** said the operation compromised the **npm maintainer account "ehindero...

Easy-day-js Mastra package-publishing campaign

Campaign
H score30 First: 17.06.2026 10:38 Last: 17.06.2026 10:38 Sources 1

About this happening: The **easy-day-js** campaign mass-published more than **140 malicious npm packages** across the **@mastra/*** namespace, creating broad supply-chain exposure for developers and bu...

Timeline

  1. 29.04.2026 19:26 2 articles · 2mo ago

    RoshniNaveenaS's account hit by network compromise

    Initial Disclosure

    On **April 29, 2026**, attackers compromised the **RoshniNaveenaS** account for the **@cap-js** packages and used a modified workflow to obtain publishing capability. The first phase ended when the malicious packages were published **without provenance** through an extracted **npm OIDC token**.

    Show sources