Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

Monday, May 18, 2026 at 08:57 AM UTC·Source: The Hacker News

Updated: Monday, May 18, 2026 at 11:00 AM UTC

Executive Summary

Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP. The list of identified packages is below - chalk-tempalte (825 Downloads) @deadcode09284814/axios-util (284 Downloads) axois-utils (963 Downloads) color-style-utils (934 Downloads) "One of the packages (chalk-tempalte)

Analysis

Source Attribution

Originally published by The Hacker News on May 18, 2026.

Related Threats

MEDIUMSupply Chain

Developer Workstations Are Now Part of the Software Supply Chain

Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and all three targeted secrets from developer environments and CI/CD pipelines, including API keys, cloud credentials, SSH keys, and tokens. This is

2h agoThe Hacker News

MEDIUMSupply Chain

First Shai-Hulud Worm Clones Emerge

At least one threat actor has adopted the recently released malware source code in attacks against NPM developers. The post First Shai-Hulud Worm Clones Emerge appeared first on SecurityWeek .

4h agoSecurityWeek

CRITICALSupply Chain

AI coding is fueling a secrets-sprawl crisis few CISOs are containing

When Matt Schlicht built Moltbook, the social network where AI agents talk to one another, he didn’t write the code himself . He “just had a vision,” and vibe-coded it. The social network launched on Jan. 28, 2026, and within days, security researchers started to see serious security flaws. Experts at cloud security company Wiz and, independently, researcher Jameson O’Reilly, discovered that Molt

5h agoCSO Online