Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

May 18, 2026
No Comments

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP.
The list of identified packages is below –

chalk-tempalte (825 Downloads)
@deadcode09284814/axios-util (284 Downloads)
axois-utils (963 Downloads)
color-style-utils (934 Downloads)

“One of the packages (chalk-tempalte)

Leave a Reply Cancel reply

Beyond deepfakes: Building identity resilience against AI impersonation May 15, 2026
Generative AI is changing the economics of identity fraud. Voice cloning, real-time face animation, synthetic documents, and AI-assisted social engineering are making it easier for attackers to impersonate legitimate users across service desks, onboarding workflows, and remote account recovery. The real question is no longer just whether a user’s identity can be verified, but whether […]
Rohan Pinto
Cyberattack on West Pharmaceutical halts manufacturing across multiple sites May 15, 2026
West Pharmaceutical Services has disclosed a ransomware attack that disrupted manufacturing, shipping, and receiving operations across multiple global facilities after bad actors breached the company’s network on 4 May. The pharmaceutical packaging manufacturer said attackers exfiltrated data and encrypted systems, forcing the company to proactively shut down portions of its infrastructure to contain the incident. “We continue to make good progress in the restoration of our systems. Our […]
Kirsten Doyle
Tenable warns AI adoption is outpacing governance as cloud exposure risks surge May 15, 2026
A new report from Tenable is warning that organizations are creating what it describes as a growing “AI exposure gap,” as enterprises race to deploy AI tools and cloud-native services faster than security and governance teams can keep up. The “Cloud and AI Security Risk Report 2026” examined telemetry data gathered from public cloud and enterprise ecosystems from […]
Kirsten Doyle
What to do when your AI’s guardrails fail May 14, 2026
I want to talk about the Microsoft 365 Copilot bug. Not because it was exceptional, but because what it exposed should change how every organization architects AI governance. For weeks at the beginning of the year, Microsoft 365 Copilot read and summarized confidential emails despite sensitivity labels and Data Loss Prevention policies being correctly configured […]
Tim Freestone
Microsoft patches 138 vulnerabilities as AI-driven discovery accelerates May 14, 2026
Microsoft is poised to set a new record for yearly patching by having released patches for over 130 vulnerabilities as part of its May Patch Tuesday release, pushing Microsoft’s total number of patched vulnerabilities to over 500 in just five months in 2026. Researchers at Microsoft and other organizations said that AI-enabled vulnerability discovery systems have greatly accelerated and amplified the […]
Kirsten Doyle
Foxconn confirms cyberattack following Nitrogen ransomware claims May 14, 2026
Foxconn has confirmed that several of its North American factories were hit by a cyberattack, after the Nitrogen ransomware group claimed to have stolen 8TB of data comprising more than 11 million files. According to the bad actor, the information supposedly obtained contains private directives, project details, technical drawings, and related project documents that pertain to companies such as Intel, Apple, Google, […]
Kirsten Doyle
The evolution of cyber risk: Addressing geopolitical threats May 13, 2026
Ransomware, data breaches, phishing schemes—cyber attacks can take many forms. Traditionally, the motive of these attackers can often be traced back to some sort of tangible goal. An attacker may want to extort some financial gain from a business, while another may seek to gather sensitive information to commit other crimes, like fraud. Any breach […]
Avani Desai
Canvas cyberattack disrupts universities as ShinyHunters threatens massive data leak May 12, 2026
An attack on the popular Instructure Canvas learning management system has caused major disruptions for schools and universities in the US, just as students gear up for finals. This poses a serious threat to the personal data of millions of students and teachers. Multiple institutions reported outages affecting the web-based Canvas platform on Thursday, with […]
Kirsten Doyle
Zara Owner Inditex Confirms Customer Data Breach Affecting Nearly 200,000 People May 11, 2026
Fashion retailer Inditex, the parent company of Zara, has confirmed unauthorized access to customer transaction databases hosted by a third-party provider. Data breach notification service Have I Been Pwned said approximately 197,400 unique email addresses were included in the leaked dataset. The company said it had launched security protocols and notified the relevant authorities following the incident, Reuters […]
Kirsten Doyle
Online Safety Act failing to deliver “step change” for children, report warns May 11, 2026
A new report published by Internet Matters, reveals that the Online Safety Act (OSA) in the UK, although bringing visibility of online safety tools, does not seem to be living up to expectations of providing the much-needed “meaningful protection from harm.” In their report titled The Online Safety Act: Are Children Safer Online?, Internet Matters has highlighted a […]
Kirsten Doyle

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems

Developer Workstations Are Now Part of the Software Supply Chain

Leave a Reply Cancel reply

[email protected]

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

Share :

Leave a Reply Cancel reply