Malicious npm packages harvest crypto keys and secrets

Nineteen malicious packages in the npm registry are spreading a worm known as SANDWORM_MODE. These packages steal crypto keys, CI secrets, API tokens and AI API keys. The theft is carried out through MCP injection.

Security researchers have identified 19 malicious npm packages that are actively harvesting sensitive information from developers' systems. According to reports, the packages spread a worm named SANDWORM_MODE that targets crypto keys, continuous integration (CI) secrets, API tokens and AI API keys. The malware uses MCP injection as its primary method for extracting and exfiltrating this data. npm, the popular package manager for JavaScript and Node.js, serves as the distribution platform for these threats, potentially compromising developers who unknowingly install the affected packages.

This incident highlights the ongoing risk in open-source software ecosystems, where supply-chain attacks can lead to widespread data breaches. The available information gave no specific details on the exact names of the 19 packages or on the total number of affected users. Developers are advised to review their dependencies and to use tools that scan npm packages for vulnerabilities in order to mitigate such risks.

Related articles


Attackers hijack Linux Snap Store apps to steal crypto phrases

Reported by AI

Cybercriminals have compromised trusted Linux applications on the Snap Store by seizing expired domains, allowing them to push malware that steals cryptocurrency recovery phrases. Security experts from SlowMist and Ubuntu contributor Alan Pope highlighted the attack, which targets established publisher accounts to distribute malicious updates impersonating popular wallets. Canonical has removed the affected snaps, but calls for stronger safeguards persist.

Researchers analyzing 10 million web pages have identified 1,748 active API credentials from 14 major providers exposed across nearly 10,000 websites, including those run by banks and healthcare providers. These leaks could enable attackers to access sensitive data or gain control over digital infrastructure. Nurullah Demir of Stanford University described the issue as very significant, affecting even major companies.


Anthropic's official Git MCP server contained worrying security vulnerabilities that could be chained together for severe impacts. The issues were highlighted in a recent TechRadar report. Details emerged on potential risks to the AI company's infrastructure.

Researchers have attributed a failed cyberattack on Poland's electric grid to Russian state hackers, coinciding with the 10th anniversary of a similar assault on Ukraine. The wiper malware aimed to disrupt power distribution but did not succeed in knocking out electricity. Security firm ESET linked the incident to the notorious Sandworm group.


Researchers at LevelBlue have identified a new variant of the SysUpdate malware aimed at Linux systems during a digital forensics and incident response engagement. The malware disguises itself as a legitimate system service and employs advanced encryption for command-and-control communications. By reverse-engineering it, the team created tools to decrypt its traffic more quickly.

A vulnerability in a popular WordPress quiz plugin has impacted over 40,000 sites, allowing potential SQL injection attacks. Security researchers have identified the flaw, urging site owners to check for exposure. The issue was reported on February 4, 2026.


Anthropic's Claude Code command line interface source code has leaked online after a packaging error in a recent release. The incident exposed over 512,000 lines of code from nearly 2,000 TypeScript files. The company described it as human error with no sensitive data involved.
