Find notable cyber news and cases, enriched with sources, timelines, and signals.

SuccessKey ViteVenom ChainVeil supply-chain campaign targeting Vite developers

Campaign
First reported
Last updated
Happening score
H score 8
1 unique sources, 1 articles

Summary

Hide ▲

The SuccessKey-linked ViteVenom campaign is targeting Vite developers with seven malicious npm packages and a blockchain-based C2 path that delivers a RAT. The operation matters because it uses typosquatted package names and public-chain infrastructure to make takedown and detection harder while enabling credential harvesting and file exfiltration.

Related Happenings

ViteVenom malicious npm packages delivering blockchain-backed RAT

Malware Activity
H score3 First: 17.07.2026 21:54 Last: 17.07.2026 21:54 Sources 1

How related: Cybersecurity researchers have discovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack.

About this happening: A cluster of seven malicious npm packages has targeted the Vite frontend ecosystem, delivering a blockchain-backed RAT loader that can harvest credentials and exfiltra...

Compromised @asyncapi npm packages distributing the Miasma loader

Malware Activity
H score29 First: 15.07.2026 12:16 Last: 15.07.2026 12:16 Sources 1

About this happening: Four compromised @asyncapi npm packages now deliver a multi-stage botnet loader when imported, exposing consumers to Miasma payloads during normal Node.js module load....

@Injectivelabs/[email protected] wallet-stealing package

Malware Activity
H score30 First: 10.07.2026 20:29 Last: 10.07.2026 20:29 Sources 1

About this happening: The malicious @injectivelabs/[email protected] package is a wallet-stealing malware activity that can expose private keys and mnemonic seed phrases when library functions...

Malicious npm and PyPI payment SDK typosquat packages

Malware Activity
H score40 First: 09.07.2026 18:09 Last: 09.07.2026 18:09 Sources 1

About this happening: The 17 malicious npm and PyPI packages targeted Paysafe, Skrill, and Neteller SDKs to steal system information and developer secrets, then send the data to an Ng...

Rollup polyfill npm package malware activity for remote access and data theft

Malware Activity
H score16 First: 03.07.2026 19:07 Last: 03.07.2026 19:07 Sources 1

About this happening: Malicious npm packages disguised as Rollup polyfill tooling are now delivering remote-access and data-theft payloads to developer workstations and build machines. The...

Timeline

  1. 17.07.2026 21:54 1 articles · 2h ago

    SuccessKey-linked ViteVenom wallets are activated

    Exploitation Observed

    Cryptocurrency wallets linked to ViteVenom were activated on February 27, 2026, showing malicious activity tied to the SuccessKey-attributed campaign before the later discovery of the npm package cluster.

    Show sources
  2. 17.07.2026 21:54 1 articles · 2h ago

    Checkmarx identifies seven malicious Vite npm packages

    Initial Disclosure

    Checkmarx identified seven malicious npm packages aimed at the Vite frontend tooling ecosystem, said the campaign is attributed to SuccessKey, and described scoped typosquats that impersonate the "@vitejs/*" namespace while using a four-tier blockchain C2 across Tron, Aptos, and Binance Smart Chain to deliver a RAT with reverse shell access, credential harvesting, file exfiltration, and persistent backdoor injection. The packages were published between June 29 and July 3, 2026, and the malicious code executes at import time rather than install time.

    Show sources