New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Published: 1 week ago (April 29, 2026 at 10:43 AM EDT)

1 min read

Source: The Hacker News

Cybersecurity researchers have discovered malicious code in an npm package after a malicious package was added as a dependency to a project by Anthropic’s Claude Opus large language model (LLM).

The package in question is @validate-sdk/v2, which is listed on npm as a utility software development kit (SDK) for hashing, validation, encoding/decoding, and secure random generation. However, its real purpose is malicious.

Back to Blog

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP‑related npm packages with credential‑stealing malware. A...

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Ravie Lakshmanan Apr 30 2026 – Supply Chain Attack / Malware !Python logohttps://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7hiQfVCFzoPBzfr5xqJ06qMjzv-...

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

Overview A recent supply‑chain attack that began on March 23, 2023 has exposed data from security firms Checkmarx and Bitwarden. The breach originated from Che...

Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools

Image: Phishing campaign targeting organizations Overview An active phishing campaign, codenamed VENOMOUSHELPER, has been observed since at least April 2025. Th...

Related posts

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools