{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreih6tjhb5bia7htxolegfkhhhjhx5mpti5npxuee5sep22bgwmf25e",
    "uri": "at://did:plc:ghkvexthfanuyq7fb5veq6tw/app.bsky.feed.post/3mfk4jx7lcht2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreicwfwxgq5z6naaespjnln5f4n2fbigws6kte74f6b2pzcw7ckbdra"
    },
    "mimeType": "image/jpeg",
    "size": 242734
  },
  "path": "/2026/02/malicious-npm-packages-harvest-crypto.html",
  "publishedAt": "2026-02-23T10:20:00.000Z",
  "site": "https://thehackernews.com",
  "textContent": "Cybersecurity researchers have disclosed what they say is an active \"Shai-Hulud-like\" supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft.\nThe campaign has been codenamed SANDWORM_MODE by supply chain security company Socket. As with prior Shai-Hulud attack waves, the malicious code embedded",
  "title": "Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens"
}