// 플랫폼
AWS에 영향을 준 비인간 식별자(NHI) 크리덴셜 유출 사고. 공개 일자 기준 정렬.
4건 인덱싱됨
On 2026-05-19 the @antv npm publisher session was used to ship 639 malicious versions across 323 packages, the Mini Shai-Hulud campaign now totals 1,055 versions across 502 packages.
npm worm hit 373 versions across 169 packages (@tanstack, @squawk, @uipath, mistralai) via trusted-publishing OIDC abuse and a prepare-script git dep that exfiltrates cloud and registry secrets at install.
A malicious build of @bitwarden/cli was published to the public npm registry for roughly 90 minutes, exfiltrating cloud tokens, SSH keys, and AI tooling credentials from CI runners and developer machines.
Malware on a CircleCI engineer's laptop stole a 2FA-backed session token, giving the attacker production access to customer environment variables and any secrets stored in CircleCI.
