Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Supply Chain Attack Targets art-template npm Package

Supply Chain Attack Targets art-template npm Package

Posted on May 22, 2026 By CWS

A widely-utilized JavaScript library, known as art-template, has been compromised in a sophisticated supply chain attack that deployed an iOS browser exploit kit. This breach allowed malicious code to be inserted into users’ browsers, transforming typical web applications into vectors targeting Apple device users globally.

The Genesis of the Attack

The attack initiated when art-template’s npm package, initially maintained by a developer identified as ‘aui,’ was transferred to an unknown individual. Under this new management, the package was swiftly weaponized. Reports pointing out unusual behavior were deleted, and malicious versions continued to be distributed to obscure the attack from discovery.

Socket.dev’s researchers reported to Cyber Security News (CSN) that their investigation connected this operation to the Coruna exploit kit, previously documented as an iOS exploit framework. Their study, titled ‘Coruna Respawned,’ indicated that the backdoored package’s method of delivery paralleled patterns seen in the earlier framework, suggesting direct reuse or a closely related derivative.

Details of the Exploit

The compromised versions of the package rolled out an increasing series of injections across multiple updates. Version 4.13.3 concealed a loader using encoding to connect to an external domain. Subsequent versions, 4.13.5 and 4.13.6, eliminated obfuscation, embedding a plaintext script loader into the browser bundle file. As a result, any web application incorporating these versions silently executed the exploit kit in every user’s browser.

Given the package’s extensive use in JavaScript projects worldwide, the scope of exposure was significant. Developers unknowingly became conduits for a targeted mobile attack against their users, with no visible changes to alert them.

Technical Mechanisms and Mitigation

The core of the malicious activity revolves around a JavaScript implant that acts as a watering hole exploit delivery mechanic. Once deployed via the compromised npm package, it discreetly profiles each site visitor. Activation occurs only on Safari running on specific iOS versions, and it silently exits on other browsers and iOS versions above 17.2.

Upon identifying a matching device, the implant transmits the victim’s IP address, iOS version, and a tracking code to a command-and-control server every ten seconds. Anti-bot checks ensure the target is genuine before the final payload is deployed, tailored to the victim’s iOS version.

Developers are advised to audit dependency trees for art-template versions 4.13.3 to 4.13.6. Essential mitigation steps include locking dependencies, reviewing browser bundle outputs for unexpected loaders, and monitoring network requests from JavaScript applications.

The meticulous nature of the attack, marked by browser-level exploitation rather than traditional phishing, highlights the need for rigorous security scrutiny and immediate action for any application using the affected versions.

Cyber Security News Tags:Apple device security, art-template, browser security, Coruna exploit, Cybersecurity, dependency audit, iOS exploit, JavaScript, Malware, npm package, Safari exploit, security review, supply chain attack, Vulnerability, watering-hole attack

Post navigation

Previous Post: Russian Cyber Threats Intensify: RDP, VPN, and Social Tactics
Next Post: Hackers Exploit Middle Eastern Telecoms for Cyber Operations

Related Posts

New SmartAttack Steals Sensitive Data From Air-Gapped Systems via Smartwatches New SmartAttack Steals Sensitive Data From Air-Gapped Systems via Smartwatches Cyber Security News
North Korea Leverages Modular Malware to Evade Detection North Korea Leverages Modular Malware to Evade Detection Cyber Security News
Aembit Named to Rising in Cyber 2025 List of Top Cybersecurity Startups Aembit Named to Rising in Cyber 2025 List of Top Cybersecurity Startups Cyber Security News
Exploit Targets Windows Snipping Tool Vulnerability Exploit Targets Windows Snipping Tool Vulnerability Cyber Security News
Ransomware Attack on Romanian Waters Authority Ransomware Attack on Romanian Waters Authority Cyber Security News
Fortra GoAnywhere Vulnerability Exploited as 0-day Before Patch Released Fortra GoAnywhere Vulnerability Exploited as 0-day Before Patch Released Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Ubiquiti Exposes 25 Critical UniFi Security Flaws
  • Phishing Campaign Exploits AnyDesk for Espionage
  • GitLost Flaw Exposes GitHub Repos via AI Workflow
  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Ubiquiti Exposes 25 Critical UniFi Security Flaws
  • Phishing Campaign Exploits AnyDesk for Espionage
  • GitLost Flaw Exposes GitHub Repos via AI Workflow
  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark