Slow Fog: node-ipc has been compromised again, with three malicious versions carrying credential-stealing payloads

2026-05-15 08:40:53

Collection

The Chief Information Security Officer of Slow Fog, 23pds, disclosed on platform X that node-ipc has been compromised again. The released three malicious versions of node-ipc (9.1.6, 9.2.3, 12.1) carry the same credential-stealing payload, with the package being downloaded over 10 million times per week.

source

warnning

Risk warning

Related tags

node-ipc information security malware

Related reading

A high-risk vulnerability named "Cordyceps" has been exposed, affecting open-source repositories of major companies such as Microsoft and Google

2026-06-25 14:51

Microsoft announces a new type of encrypted clipboard Trojan software threat that can stealthily spread and hijack digital asset wallet addresses

2026-06-19 12:34

Microsoft reveals a new type of cryptocurrency-stealing Trojan called Crypto Clipper, which has infected multiple Windows devices since February of this year

2026-06-19 11:13

Shai-Hulud Hades new variant attacks PyPI, using Python to Bun cross-runtime chain to steal credentials

2026-06-12 20:57

Related tags

node-ipc information security malware

app_icon

ChainCatcher Building the Web3 world with innovations.