CyberSecurity News
Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware
AI summary
Researchers from OX Security, SafeDep, Socket, and StepSecurity have discovered that four npm packages in the @asyncapi namespace have been compromised. These packages are distributing a multi-stage botnet loader. The affected packages include @asyncapi/generator-helpers, @asyncapi/generator-components, @asyncapi/generator, and @asyncapi/specs with specific version numbers. The compromised packages are delivering malware to unsuspecting users. The versions of the affected @asyncapi/specs package are v6.11.2 and v6.11.2-alpha.1. The other packages have version numbers 1.1.1, 0.7.1, and 3.3.1 respectively.
This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.

