On June 3, 2026, a highly coordinated supply chain attack compromised 57 npm packages across multiple maintainer accounts. The rapid campaign, lasting less than 2 hours, heavily impacted popular tools such as @vapi-ai/server-sdk and ai-sdk-ollama. Security researchers have identified the payload as a new variant of the “Miasma” worm. This self-spreading malware targeted Red Hat […]
The post Malicious binding.gyp Campaign Targets npm Packages Across Maintainer Accounts appeared first on Cyber Security News.