Npm on HackingPassion.com : root@HackingPassion.com-[~]https://hackingpassion.com/tags/npm/Recent content in Npm on HackingPassion.com : root@HackingPassion.com-[~]HugoenThu, 11 Jun 2026 12:08:30 +0200The Miasma Worm Hid in Microsoft's Code and Ran the Moment You Opened Ithttps://hackingpassion.com/miasma-worm-ai-coding-agents/Thu, 11 Jun 2026 12:08:30 +0200https://hackingpassion.com/miasma-worm-ai-coding-agents/<p>GitHub disabled <strong>73 of Microsoft&rsquo;s own repositories in 105 seconds</strong>, after a worm called <strong>Miasma</strong> planted a credential stealer inside Microsoft&rsquo;s Azure code on GitHub.</p> <p>The part that makes this different is how it ran. A developer did not need to build the project or install a package. <strong>Opening one of those repositories in an AI editor, VS Code, Claude Code, Cursor, or Gemini, was enough to set it off.</strong> 😱</p>Bitwarden CLI Backdoored on npm for 93 Minuteshttps://hackingpassion.com/bitwarden-cli-supply-chain-attack/Fri, 24 Apr 2026 11:30:31 +0200https://hackingpassion.com/bitwarden-cli-supply-chain-attack/<p>Bitwarden&rsquo;s CLI was backdoored and pushed to npm on April 22, 2026. It was live for <strong>93 minutes</strong>. Every developer who installed it during that window has to treat their <strong>entire machine as compromised</strong>. GitHub tokens, SSH keys, AWS credentials, cloud secrets. All of it.</p> <p>If you followed the Shai-Hulud story back in November 2025, this will sound familiar. That attack spread through npm and hit packages from Zapier, Postman, PostHog, and hundreds of others. <strong>132 million monthly downloads affected.</strong> Stolen credentials dumped into public GitHub repositories for anyone to find. This new attack names itself <strong>Shai-Hulud: The Third Coming</strong>, after the giant sandworms from Frank Herbert&rsquo;s Dune. The irony is that this third wave specifically targets AI tools.</p>Axios npm Supply Chain Attack: How a Fake Meeting Compromised 100 Million Downloadshttps://hackingpassion.com/axios-npm-supply-chain-attack/Sat, 04 Apr 2026 13:50:24 +0200https://hackingpassion.com/axios-npm-supply-chain-attack/<p>Axios, the JavaScript library with over <strong>100 million weekly downloads</strong>, was compromised on March 31st. For roughly three hours, every fresh install of those two versions silently dropped a <strong>remote access trojan</strong> on the machine that ran it. Windows, macOS, and Linux, all targeted. The installation completed normally, nothing flagged the change, and the backdoor was already running by the time the command finished. 😏</p> <p>Axios is a JavaScript HTTP client that developers use to send web requests from their applications. It ships inside frontend frameworks, backend services, mobile apps, and <strong>CI/CD pipelines</strong>, and if a company runs Node.js anywhere in their stack, Axios is almost certainly somewhere in that dependency tree. That is what made this attack so significant.</p>