JFrog Security Real Time Posts

JFrog Security Research analyzed the May 19 Shai-Hulud wave across npm and PyPI, where compromised packages used install-time and import-time execution, encrypted credential theft, GitHub dead-drop exfiltration, AI-tool persistence, npm OIDC abuse, lateral movement through AWS SSM and Kubernetes, and an evolved dead-man switch.

The JFrog Security Research team analyzed the Shai-Hulud: Here We Go Again package compromise spanning npm and PyPI, combining CI/CD credential theft, encrypted exfiltration, persistence, worm-like package propagation, and an updated PyPI credentials stealer.

New versions of the malicious npm package `js-logger-pack`, including `1.1.27`, have shifted exfiltration to Hugging Face. Earlier versions already used the platform as a malware CDN; SafeDep documented that earlier phase. What is new is that the operator now outsources stolen data storage to private Hugging Face datasets rather than hosting it on the C2 server directly.

JFrog security researchers identified a hijacked npm package published as @bitwarden/cli version 2026.4.0, impersonating the legitimate Bitwarden command line client.

The JFrog security research team recently identified a supply chain attack targeting the `xinference` package on PyPI. Versions 2.6.0, 2.6.1, and 2.6.2 were compromised and yanked by maintainers after users reported suspicious behavior. If you installed or imported these versions, you must assume your environment is compromised.

JFrog Security researchers have discovered a multi-vector malware campaign distributing the XWorm RAT through both npm packages and a fake game website, targeting Discord users with social engineering tactics.

A malicious PyPI package disguised as a Tor-routed AI proxy abuses a Tunisian university's private AI infrastructure, bundles a stolen 246K-character Anthropic Claude system prompt, and silently exfiltrates every user prompt and response to the attacker's Supabase database.

The JFrog security research team recently identified a supply chain attack targeting the `axios` npm package. If you installed `axios@1.14.1`, or `axios@0.30.4` you must assume your environment is compromised.

The JFrog Security research team identified a malicious npm package undicy-http (version 2.0.0) masquerading as the popular undici HTTP client library. Despite its name, the package contains zero HTTP client functionality.

On March 27th, the telnyx popular PyPI library was compromised. new versions of telnyx were uploaded to PyPI, 4.87.1 and 4.87.2. Both contains malicous payload, this compromise is linked to TeamPCP