> TritonInfoSec News
Home / May 19, 2026 / Story
0
#9 The Hacker News general May 18, 2026 at 08:57 UTC

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

By [email protected] (The Hacker News)

AI Summary

Four malicious npm packages — chalk-tempalte (825 downloads), @deadcode09284814/axios-util (284 downloads), axois-utils (963 downloads), and color-style-utils (934 downloads) — were found delivering infostealers and Phantom Bot DDoS malware. One package is a direct clone of the Shai-Hulud worm, whose source code was recently open-sourced by TeamPCP, confirming fears that public release of the worm's code would accelerate adversarial adoption. Developers using npm should audit dependencies for these package names and rotate any credentials present in affected environments.

Read full article → https://thehackernews.com/2026/05/four-malicious-n…

Relevance score: 80.0/100

# More from May 19

  1. 1
    CISA Admin Leaked AWS GovCloud Keys on Github Krebs on Security
  2. 2
    Microsoft Exchange Zero-Day Under Attack, No Patch Available Dark Reading
  3. 3
    Grafana Confirms Breach After Hackers Claim They Stole Data SecurityWeek
  4. 4
    MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems The Hacker News
  5. 5
    Zero-Day Exploit Against Windows BitLocker Schneier on Security
  6. 6
    Exploitation of Critical NGINX Vulnerability Begins SecurityWeek
  7. 7
    Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026 BleepingComputer
  8. 8
    Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws The Hacker News
  9. 10
    7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand SecurityWeek