Skip to main content
CyberConfirmedHighDevelopingFeatured
10.0

Compromised AsyncAPI npm packages distribute multi-stage botnet loader

Threat actors injected malicious code into five versions of four AsyncAPI npm packages, successfully bypassing security checks by including valid provenance attestations. The malware executes upon module loading rather than installation, indicating a sophisticated supply chain compromise that undermines trust in automated build verification.

The Hacker News3 days agoCredibility 52%View source

Score Breakdown

Mosaic Score10.0
Confidence0.9
Significance0.8
Source credibility0.5

Intelligence Tags

Entities

concept
Source

Related signals

4 found