Gallery

Contacts

405 W. Greenlawn Ave Lansing, Michigan 48910

contact@techjacksolutions.com

+1-616-320-4064

A second threat actor leveraged the leaked Shai-Hulud infostealer toolkit to publish four malicious npm packages typosquatting the widely used Axios HTTP library. Any Node.js development or CI/CD environment that installed chalk-tempalte, @deadcode09284814/axios-util, axois-utils, or color-style-utils may have exposed AWS, GCP, and Azure cloud credentials alongside cryptocurrency wallet data. The campaign also includes a DDoS botnet recruitment module, meaning affected systems may be actively participating in attacks.

Author

Tech Jacks Solutions