stepsecurity.io

Miasma NPM Supply Chain Attack: Self-Spreading Worm via Phantom Gyp (opens in new tab)

Covered by 12 sources See all sources covering this story including BleepingComputer, This Week In 4n6Discussed on Hacker News

self-replicating worm is spreading across the npm registry using binding.gyp, a file that triggers code execution during npm install without touching package.json scripts. The attack bypasses conventional security tools and has already compromised dozens of packages across multiple maintainer accounts.

Read the original article
Sign in to keep reading the full article.
Sign UpLog In

Covered in 13 articles

BleepingComputer·

New IronWorm malware hits 36 packages in npm supply-chain attack

Discussed on Hacker News
Feeds
This Week In 4n6·

Week 23 – 2026

Feeds
theregister·

GitHub nukes 70+ Microsoft repos, breaks CI/CD pipelines, following suspected worm infections

Discussed on Hacker News
Feeds
View all 13 ›

Keyboard Shortcuts

Navigation

Next / previous post
j/k
Open post
oorEnter
Preview post
v

Post Actions

Love post
a
Like post
l
Dislike post
d
Undo reaction
u
Save / unsave
s

Recommendations

Add interest / feed
Enter
Not interested
x

Go to

Home
gh
Interests
gi
Feeds
gf
Likes
gl
History
gy
Changelog
gc
Settings
gs
Discover
gb
Search
/

General

Show this help
?
Submit feedback
!
Close modal / unfocus
Esc

Press ? anytime to show this help