Find notable cyber news and cases, enriched with sources, timelines, and signals.

Asteroiddao hit by network compromise

Incident
First reported
Last updated
Happening score
H score 13
1 unique sources, 1 articles

Summary

Hide ▲

asteroiddao suffered a compromised-account incident that let malicious npm package versions and repository commits seed a wider supply-chain attack. The account was used to publish packages carrying a Rust ELF binary executed via preinstall. That compromise matters because it turned a trusted publishing identity into an infection path for developers and CI systems consuming npm packages.

Related Happenings

AsyncAPI malicious npm package supply-chain malware

Malware Activity
H score21 First: 15.07.2026 18:37 Last: 15.07.2026 18:37 Sources 1

About this happening: Malicious AsyncAPI npm releases pushed a remote access trojan and info-stealing payload into packages with more than 2.25 million weekly downloads, putting downstr...

AsyncAPI repositories and npm publishing workflow hit by network compromise

Incident
H score27 First: 15.07.2026 12:16 Last: 15.07.2026 12:16 Sources 1

About this happening: The AsyncAPI npm publishing pipeline was compromised in a July 14 supply-chain attack that used the project’s normal GitHub Actions release path to publish trojani...

Jscrambler hit by network compromise

Incident
H score15 First: 13.07.2026 22:44 Last: 13.07.2026 22:44 Sources 1

About this happening: The Jscrambler npm package suffered an unauthorized publication of a malicious version that exposed developers to infostealer theft risk. The bad release stayed li...

@Injectivelabs/[email protected] wallet-stealing package

Malware Activity
H score30 First: 10.07.2026 20:29 Last: 10.07.2026 20:29 Sources 1

About this happening: The malicious @injectivelabs/[email protected] package is a wallet-stealing malware activity that can expose private keys and mnemonic seed phrases when library functions...

OpenMandriva Linux project hit by cyberattack

Incident
H score32 First: 10.07.2026 01:14 Last: 10.07.2026 01:14 Sources 1

About this happening: The OpenMandriva Linux project is recovering from an attempted internal sabotage that deleted repositories and published an empty package that could have damaged user...

Timeline

  1. 04.06.2026 18:25 2 articles · 1mo ago

    IronWorm infects 36 npm packages in a supply-chain attack

    Initial Disclosure

    A supply-chain attack on the Node Package Manager (npm) index infected 36 packages with IronWorm, a Rust-based infostealer that targets 86 environment variables and 20 credential files, hides behind an eBPF kernel rootkit, and communicates over Tor. The attack began from a compromised account named asteroiddao that published malicious package versions and pushed commits, using preinstall execution to seed trojanized releases that could steal credentials and self-propagate through npm. The campaign was detected very early and stopped before it spread to more popular packages on npm.

    Show sources