Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A supply chain attack is actively spreading through the npm registry by abusing a file most security tooling never looks at: binding.gyp. Instead of relying on the well-monitored preinstall or postinstall lifecycle scripts, the malware ships a weaponized binding.gyp that triggers node-gyp to execute attacker-controlled code automatically during npm install.

On June 1, 2026, multiple npm packages in the @redhat-cloud-services scope were published with malicious versions. Each tarball ships a 4.1 MB obfuscated JavaScript file added to package.json as a preinstall hook. The hook runs a multi-stage loader that ends in a Bun-executed credential stealer hitting AWS, Azure, GCP, HashiCorp Vault, Kubernetes, GitHub Actions OIDC, npm, Bitwarden, and 1Password.

Version 2026.4.0 of the widely-used @bitwarden/cli npm package (78,000 weekly downloads) has been identified as malicious. The package contains a sophisticated multi-stage credential theft worm that explicitly names itself "Shai-Hulud: The Third Coming", a direct callback to previous Shai-Hulud supply chain campaigns, and targets developer credentials including SSH keys, cloud secrets, and even MCP configuration files.

On March 31, 2026, two malicious versions of axios were published to npm, , using credentials stolen from a lead axios maintainer. The attacker injected a hidden dependency into both releases that drops a remote access trojan (RAT) on any machine that ran npm install during the exposure window. No CVE identifier has been assigned at the time of writing. The malicious dependency executes automatically at install time via a postinstall hook, without any action by the developer.

On March 31, 2026, two malicious versions of axios, the enormously popular JavaScript HTTP client with over 100 million weekly downloads, were briefly published to npm via a compromised maintainer account. The packages contained a hidden dependency that deployed a cross-platform remote access trojan (RAT) to any machine that ran npm install (or equivalent in other package managers like Bun) during a two-hour window. The malicious versions (1.14.1 and 0.30.4) were removed from npm by 03:29 UTC.

CVE-2025-55131 is a high-severity buffer allocation race condition vulnerability in Node.js that can lead to uninitialized memory exposure when using the vm module with execution timeouts. This vulnerability is part of a coordinated Node.js security update addressing eight vulnerabilities across all active release lines.

Jan 13, 2026 Vibe Coding and GenAI Security: Balancing Speed with Risk Read More Natalie Tischler Jan 8, 2026 Top 10 Challenges in DevSecOps Adoption Read More Natalie Tischler Jan 6, 2026 Looking Ahead at 2026 with Gartner: How Smarter Teams and Tools Are Making Application Security a Breeze Read More Joe Ariganello.

Once again, the npm supply chain has been compromised, putting developers relying on these vital open source components at risk. On November 24th, a sophisticated attack that borrows techniques from the Shai-Hulud malware used in the npm hijacking this past September was discovered. This is not an isolated incident. It’s a continuation of an existing campaign that is now abusing CI/CD pipelines, and GitHub automation to spread faster and steal more secrets than before.

(Nov 24, 2025) JFrog continues to track, provide research and document another wave of the Shai-Hulud Software Supply Chain Attack which was originally reported by the JFrog Security Research team on 16-Sep-2025. Following the initial campaign, threat actors have returned with more advanced tactics, compromising an additional 796 new malicious packages across leading public registries.