New IronWorm malware hits 36 packages in NPM supply-chain attack
Vulnerabilities & Exploits, Security, DevOps & Infrastructure(bleepingcomputer.com)view on HackerNews
IronWormnpmsupply-chain attackmalwareinfostealerRusteBPF kernel rootkitTor networkcredential filesOpenAIAWSAnthropic
Author: yogthos
Date: 6/5/2026
Article Summary:
A new supply-chain attack, IronWorm, has infected 36 packages on the Node Package Manager (npm) index with infostealer malware, targeting environment variables and credential files.