JFrog Security Research

JFrog Security Real Time Posts

Last Updated On 23 Apr, 2026

js-logger-pack Operator Turns Hugging Face into a Malware CDN and Exfiltration Backend

New versions of the malicious npm package `js-logger-pack`, including `1.1.27`, have shifted exfiltration to Hugging Face. Earlier versions already used the platform as a malware CDN; SafeDep documented that earlier phase. What is new is that the operator now outsources stolen data storage to private Hugging Face datasets rather than hosting it on the C2 server directly.

Published on 23 Apr, 2026

Real Time Post

TeamPCP Campaign Spreads to npm via a Hijacked Bitwarden CLI

Meitar Palas, JFrog Security Researcher

JFrog security researchers identified a hijacked npm package published as @bitwarden/cli version 2026.4.0, impersonating the legitimate Bitwarden command line client.

Published on 23 Apr, 2026

Real Time Post

TeamPCP strikes again: Xinference PyPI package compromised

Shavit Satou, JFrog Security Researcher

The JFrog security research team recently identified a supply chain attack targeting the `xinference` package on PyPI. Versions 2.6.0, 2.6.1, and 2.6.2 were compromised and yanked by maintainers after users reported suspicious behavior. If you installed or imported these versions, you must assume your environment is compromised.

Published on 22 Apr, 2026

Real Time Post

Astral Injection: From Fake VideoGame to XWorm RAT via npm and Discord

Meitar Palas and Shavit Satou, JFrog Security Researchers

JFrog Security researchers have discovered a multi-vector malware campaign distributing the XWorm RAT through both npm packages and a fake game website, targeting Discord users with social engineering tactics.

Published on 15 Apr, 2026

Real Time Post

hermes-px: The 'Privacy' AI Proxy That Steals Your Prompts, Containing Altered Claude Code System Prompt

Guy Korolevski, JFrog Security Researcher

A malicious PyPI package disguised as a Tor-routed AI proxy abuses a Tunisian university's private AI infrastructure, bundles a stolen 246K-character Anthropic Claude system prompt, and silently exfiltrates every user prompt and response to the attacker's Supabase database.

Published on 5 Apr, 2026

Real Time Post

Cross-Platform Threat - Axios Package Compromise

Shavit Satou, JFrog Security Researcher

The JFrog security research team recently identified a supply chain attack targeting the `axios` npm package. If you installed `axios@1.14.1`, or `axios@0.30.4` you must assume your environment is compromised.

Published on 31 Mar, 2026

Real Time Post

LofyGang Returns: From Fake undici to Full System Compromise via Parallel Data Theft

Meitar Palas, JFrog Security Researcher

The JFrog Security research team identified a malicious npm package undicy-http (version 2.0.0) masquerading as the popular undici HTTP client library. Despite its name, the package contains zero HTTP client functionality.

Published on 31 Mar, 2026

Real Time Post

TeamPCP strikes again - telnyx popular PyPI library compromised

Guy Korolevski, JFrog Security Researcher

On March 27th, the telnyx popular PyPI library was compromised. new versions of telnyx were uploaded to PyPI, 4.87.1 and 4.87.2. Both contains malicous payload, this compromise is linked to TeamPCP

Published on 27 Mar, 2026

Real Time Post

Langflow CVE-2026-33017: Latest 'fixed' version is still exploitable

Aviv Engelberg and Ofri Ouzan, JFrog Security Researchers

The JFrog Security Research team has identified that Langflow version 1.8.2, which is widely reported as patched for CVE-2026-33017, remains vulnerable to remote code execution

Published on 26 Mar, 2026

Popular litellm Python package is the latest victim of TeamPCP's ongoing supply chain attack

Real Time Post

Guy Korolevski and Andrii Polkovnychenko, JFrog Security Researchers

On March 24th, the litellm popular PyPI library was compromised. new versions of litellm were uploaded to PyPI, 1.82.7 and 1.82.8. Both contains malicous payload, this compromise is linked to TeamPCP

Published on 24 Mar, 2026