Npm-Malware

3 reports

All LLM Security Industry News Agentic AI Research Supply Chain Prompt Injection Regulatory Adversarial ML Jailbreaks Model Theft Data Poisoning

ATLAS OWASP HIGH The Hacker News May 29, 2026 ▲ 8.2

Malicious npm Package Targets Claude AI Users via Supply Chain Attack

A malicious npm package named 'mouse5212-super-formatter' was discovered exfiltrating files from Anthropic's Claude AI user directory by authenticating to a threat actor-controlled GitHub repository. …

AML.T0010 - ML Supply Chain Compromise AML.T0057 - LLM Data Leakage AML.T0012 - Valid Accounts

ATLAS OWASP CRITICAL The Hacker News May 13, 2026 ▲ 9.2

Mini Shai-Hulud Supply Chain Worm Compromises Mistral AI, Guardrails AI and TanStack Packages

The TeamPCP threat actor has executed a broad supply chain campaign dubbed Mini Shai-Hulud, injecting credential-stealing malware into npm and PyPI packages from major AI and developer tooling …

AML.T0010 - ML Supply Chain Compromise AML.T0047 - ML-Enabled Product or Service AML.T0018 - Backdoor ML Model

ATLAS OWASP HIGH The Hacker News Apr 30, 2026 ▲ 8.5

DPRK Actors Use Claude LLM to Inject Malware Into npm Supply Chain

North Korean threat group Famous Chollima (Shifty Corsair) has weaponised AI-assisted code generation to embed malicious npm packages into autonomous AI agent projects, targeting cryptocurrency …

AML.T0010 - ML Supply Chain Compromise AML.T0047 - ML-Enabled Product or Service AML.T0019 - Publish Poisoned Datasets