MEDIUMSupply Chain
Global

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

·Source: SecurityWeek

Updated:

Executive Summary

A compromised maintainer account was used to publish malicious package versions across the @antv namespace. The post Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack appeared first on SecurityWeek .

Analysis

A compromised maintainer account was used to publish malicious package versions across the @antv namespace. The post Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack appeared first on SecurityWeek .
Source Attribution

Originally published by SecurityWeek on May 20, 2026.

Related Threats

MEDIUMSupply Chain

Managing Open Source Software Risks With the HeroDevs EOL Dashboard

<div class="hs-featured-image-wrapper"> <a href="https://www.sonatype.com/blog/managing-open-source-software-risks-with-the-herodevs-eol-dashboard" title="" class="hs-featured-image-link"> <img src="https://www.sonatype.com/hubfs/blog_herodevs_eol.jpg" alt="Image of two icons side by side. One of them is a logo for the software product Sonatype Lifecycle. The other is a logo for HeroDevs." class="

Sonatype (Maven/npm)
MEDIUMSupply Chain

Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem

AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here's why your current stack can't see them, and what detection actually requires. Download the CISO Expert Guide to Typosquatting in the AI Era → TL;DR Typosquatting is no longer a user problem. Attackers now embed lookalike domains inside legitimate third-party scripts.

The Hacker News
LOWSupply Chain

Why some security fixes never reach your vulnerability dashboard

On April 22, for roughly 90 minutes, a malicious version of Bitwarden CLI appeared on npm. Version 2026.4.0 contained a credential-stealing payload that executed an obfuscated loader and harvested AWS, Azure, GCP, GitHub, and npm tokens from any developer machine that ran npm install . The attackers reached Bitwarden’s npm publishing path through a compromised GitHub Action related to the Checkmar

CVE-2026-42994CVE-2020-10148
CSO Online