New Blog: Mini Shai-Hulud "Miasma" Hits @redhat-cloud-services: 32 Packages at Risk
Edit Calendar Icon 1 Jun 2026
SafeDep Logo
malware npm

changelog-logger-utilities

discovered 2026-05-28

Contagious Trader package published by toskypi (Mar 15, 2026). Exfiltrates to changelog[.]rest. Attributed to DPRK Famous Chollima via toskypi identity.

Threat types

credential_stealer data_exfiltration

Malicious versions

  • 1.0.0

Campaigns

Indicators

Read the full analysis →