
SlowMist: Multiple npm packages and Python SDKs attacked by 'mini bugs'


According to SlowMist threat intelligence, npm packages such as AntV and Echarts for react, as well as the Python SDK durabletask, were recently hit by a "mini Sandworm" supply chain attack. On May 19th, the npm account atool was compromised, and the attacker released 637 malicious versions across 317 packages within 22 minutes. On May 20th (UTC+8), between 00:19 and 00:54, durabletask versions 1.4.1 to 1.4.3 were uploaded in succession, posing as official Microsoft releases. The GitHub token leak and the Grafana Labs ransomware incident may be related to this attack.
