Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Antv NPM Packages Compromised in Supply Chain Attack

Antv NPM Packages Compromised in Supply Chain Attack

Posted on May 21, 2026 By CWS

A sophisticated supply chain attack has been identified within the open-source software community, specifically targeting the Antv npm package ecosystem. This incident, referred to as ‘Mini Shai-Hulud,’ involved a calculated assault on a suite of widely utilized data visualization libraries, crucial for developers worldwide.

Unveiling the Attack

This attack was meticulously planned to deliver maximum impact without drawing attention. The attackers first infiltrated a maintainer’s account in the Antv organization, subsequently deploying malicious versions of key packages. This breach rapidly extended to dependent libraries, such as echarts-for-react, which boasts over a million weekly downloads.

The malicious code was rapidly propagated through numerous developer pipelines, effectively contaminating them almost instantaneously. Microsoft’s security analysts were instrumental in uncovering this attack, shedding light on the extensive capabilities of the malware involved.

Impact on Developers

According to a report shared by Microsoft with Cyber Security News, the attack featured a 499 KB obfuscated JavaScript file that executed upon the npm install command. Its primary objective was to extract credentials from GitHub Actions environments and associated cloud services, targeting six platforms including AWS, Kubernetes, and 1Password.

The malware bypassed standard secret masking by directly scraping process memory from the GitHub Actions runner. This allowed the attackers to gather sensitive information without detection.

Response and Mitigation

GitHub responded swiftly by removing 640 malicious packages and invalidating over 61,000 npm tokens with write permissions. Alerts were issued via Dependabot and npm audit warnings to assist developers in identifying the issue. Antv account representatives confirmed that the breach has been addressed.

Microsoft advises developers to scrutinize their dependency trees for any Antv package usage. Employing the npm install command with the –ignore-scripts flag, securing known-good versions, and rotating exposed credentials are essential steps. Additionally, developers should inspect GitHub accounts for any unexpected public repositories that may indicate compromise.

Future Implications

The Mini Shai-Hulud attack highlights the vulnerabilities within software supply chains. As cyber threats evolve, it is critical for developers and organizations to enhance their security measures and remain vigilant against such sophisticated attacks. Continuous monitoring and stringent security practices are vital to safeguarding against future breaches.

For more insights and updates on cybersecurity, follow us on Google News, LinkedIn, and X. Set Cyber Security News as your preferred source on Google for instant alerts.

Cyber Security News Tags:AntV, credential theft, Cybersecurity, GitHub actions, Mini Shai-Hulud, npm packages, supply chain attack

Post navigation

Previous Post: Authorities Shut Down Criminal VPN in Global Cybercrime Crackdown
Next Post: Fake Microsoft Teams Downloads Deliver ValleyRAT Malware

Related Posts

Prioritizing Vulnerabilities in a Sea of Alerts Prioritizing Vulnerabilities in a Sea of Alerts Cyber Security News
QuasarRAT Core Functionalities Along with Encrypted Configuration and Obfuscation Techniques Exposed QuasarRAT Core Functionalities Along with Encrypted Configuration and Obfuscation Techniques Exposed Cyber Security News
New Analysis Uncovers LockBit 5.0 Key Capabilities and Two-Stage Execution Model New Analysis Uncovers LockBit 5.0 Key Capabilities and Two-Stage Execution Model Cyber Security News
Google Down For Most Of The Users In Turkey And Eastern Europe Google Down For Most Of The Users In Turkey And Eastern Europe Cyber Security News
State-Sponsored Actors Hijacked Notepad++ Update to Redirect Users to Malicious Servers State-Sponsored Actors Hijacked Notepad++ Update to Redirect Users to Malicious Servers Cyber Security News
Record Breaking 7.3 Tbps DDoS Attack Blasting 37.4 Terabytes in Just 45 Seconds Record Breaking 7.3 Tbps DDoS Attack Blasting 37.4 Terabytes in Just 45 Seconds Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Cross-Platform QuimaRAT MaaS Targets Multiple OS
  • TrojPix Hack Threatens Air-Gapped Computers
  • TrojPix Exploits Pixel Modulation to Leak Data
  • Critical Opera GX Flaw Exposes User Data to Hackers
  • SkillCloak Evades AI Scanners with New Techniques

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Cross-Platform QuimaRAT MaaS Targets Multiple OS
  • TrojPix Hack Threatens Air-Gapped Computers
  • TrojPix Exploits Pixel Modulation to Leak Data
  • Critical Opera GX Flaw Exposes User Data to Hackers
  • SkillCloak Evades AI Scanners with New Techniques

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark