Back to all news
Security

​ ​AsyncAPI npm packages infected with credential-stealing malware

BleepingComputer·July 15, 2026·1 min read
​ ​AsyncAPI npm packages infected with credential-stealing malware

Five malicious versions of AsyncAPI packages were published to the Node Package Manager (npm) in a supply-chain attack that delivered a remote access trojan with info-stealing capabilities. The infected packages targeted developers, compromising credentials and system access. Users are advised to audit their dependencies and update to the latest secure versions immediately to mitigate the threat.

Read at BleepingComputer
Daily crypto arcade

Read the news, then play it.

Chainshorts turns crypto headlines into a daily game. Catch up in 60 words, then jump into daily lucky draws for a shot at the pot.

Open ChainshortsGet it on the Solana dApp Store