Cyber Web Spider Blog – News

Massive npm Supply Chain Attack Targets Antv Packages

Posted on May 19, 2026 By CWS

The npm ecosystem has been rocked by a major supply chain attack, compromising hundreds of JavaScript packages associated with the @antv data visualization library. This widespread breach, which occurred on May 19, 2026, has affected millions of developers globally by inserting malicious code into popular packages.

Scope of the npm Breach

The attack was carried out through a compromised npm maintainer account, ‘atool’, which was used to publish infected versions of well-known packages. Notably, the widely used echarts-for-react package, which records about 1.1 million weekly downloads, was among the impacted packages. The breach extended beyond @antv packages to unrelated packages such as timeago.js and canvas-nest.js, making it one of the largest incidents in recent npm history.

Detection and Analysis

Researchers at Socket.dev quickly identified the malicious activity, categorizing affected versions as malware within minutes of their release. According to a report shared with Cyber Security News (CSN), 639 compromised package versions were detected across 323 unique packages during what was termed the ‘5/19 Mini Shai-Hulud wave’. The broader campaign tracked by Socket.dev includes 1,055 versions spanning npm, PyPI, and Composer registries, with the npm ecosystem bearing the brunt of the attack.

Technical Details and Impact

The malicious code is linked to the Mini Shai-Hulud malware family and is designed to execute payloads during package installation. It employs a sophisticated encryption scheme to conceal data exfiltration, and it targets sensitive developer and CI/CD environment information such as GitHub tokens and AWS credentials. If a GitHub token is acquired, the malware can use GitHub’s infrastructure for data exfiltration, which makes detection challenging. Approximately 1,900 repositories associated with this campaign have been identified; they use Dune-themed names as identification markers.

Organizations affected by this breach should immediately review and audit package updates from the @antv and related npm namespaces. Rotating credentials and scrutinizing CI/CD logs for unauthorized GitHub activity are strongly recommended to mitigate potential damage.
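One way to start that audit is to list what a project's lockfile actually resolves from the namespaces and packages named above. The following is an added example, not code from the article or from Socket.dev; it assumes a parsed package-lock.json with lockfileVersion 2 or 3, and the sample lockfile, its versions and the `some-chart` and `dashboard` names are constructed.

```javascript
// Watch list taken from the article. The article gives no version numbers, so
// this only narrows what to check against the published advisory.
const WATCH_SCOPES = ['@antv/'];
const WATCH_NAMES = ['echarts-for-react', 'timeago.js', 'canvas-nest.js'];
const MARKER = 'node_modules/';

// Lockfile keys look like "node_modules/a/node_modules/@scope/b";
// the package name is whatever follows the last "node_modules/".
function nameFromLockKey(key) {
  const i = key.lastIndexOf(MARKER);
  return i === -1 ? key : key.slice(i + MARKER.length);
}

// lock: result of JSON.parse on package-lock.json (lockfileVersion 2 or 3).
function auditLockfile(lock) {
  if (!lock || typeof lock.packages !== 'object' || lock.packages === null) {
    throw new Error('expected lockfileVersion 2 or 3 with a "packages" map');
  }
  const findings = [];
  for (const [key, meta] of Object.entries(lock.packages)) {
    if (key === '') continue; // root project entry
    // For aliased installs the real package name is in meta.name.
    const name = meta.name || nameFromLockKey(key);
    const watched = WATCH_NAMES.includes(name) ||
      WATCH_SCOPES.some((scope) => name.startsWith(scope));
    if (!watched) continue;
    findings.push({
      name,
      version: meta.version,
      path: key,
      // Set by npm when the package declares preinstall/install/postinstall,
      // i.e. code that runs during installation.
      runsAtInstall: meta.hasInstallScript === true,
      transitive: key.indexOf(MARKER) !== key.lastIndexOf(MARKER),
    });
  }
  // Install-time code first: that is the execution path described above.
  return findings.sort((a, b) => Number(b.runsAtInstall) - Number(a.runsAtInstall));
}

// Constructed sample lockfile; versions are made up for illustration.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'dashboard', version: '1.0.0' },
    'node_modules/echarts-for-react': { version: '0.0.1' },
    'node_modules/lodash': { version: '0.0.2' },
    'node_modules/some-chart/node_modules/@antv/g2': { version: '0.0.3', hasInstallScript: true },
  },
};
console.table(auditLockfile(SAMPLE_LOCK));
```

Compare the reported versions with the versions listed in the advisory, and treat any hit that ran in CI as a reason to rotate the credentials that job could read.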

Indicators of Compromise (IoCs) have been shared to assist in identifying affected systems. These include specific domains, URLs, and GitHub repository patterns linked to the attack. Developers are urged to stay vigilant and secure their environments against further threats.
