Developer Compromise 8

• Mini Shai-Hulud Spreads to Packagist: Malicious Intercom PHP Package Follows npm Compromise Apr 30, 2026
• Malicious Checkmarx Artifacts Found in Official KICS Docker Repository and Code Extensions Apr 22, 2026
• Namastex.ai npm Packages Hit with TeamPCP-Style CanisterWorm Malware Apr 21, 2026
• CanisterWorm: npm Publisher Compromise Deploys Backdoor Across 29+ Packages Mar 20, 2026
• GlassWorm Loader Hits Open VSX via Developer Account Compromise Jan 31, 2026
• Shai Hulud Strikes Again (v2) Nov 24, 2025
• Popular Tinycolor npm Package Compromised in Supply Chain Attack Affecting 40+ Packages Sep 15, 2025
• npm 'is' Package Hijacked in Expanding Supply Chain Attack Jul 22, 2025