HackingPassion.comNpm
3 posts
The Miasma Worm Hid in Microsoft's Code and Ran the Moment You Opened It
GitHub disabled 73 of Microsoft’s own repositories in 105 seconds, after a worm called Miasma planted a credential stealer inside Microsoft’s Azure …
Bitwarden CLI Backdoored on npm for 93 Minutes
Bitwarden’s CLI was backdoored and pushed to npm on April 22, 2026. It was live for 93 minutes. Every developer who installed it during that window has to …
Axios npm Supply Chain Attack: How a Fake Meeting Compromised 100 Million Downloads
Axios, the JavaScript library with over 100 million weekly downloads, was compromised on March 31st. For roughly three hours, every fresh install of those two …