Supply chain , Threat Intelligence , AI/ML Illicit AI-assisted commit-linked npm dependency compromises crypto wallets May 1, 2026 Share By SC Staff (Credit: Araki Illustrations – stock.adobe.com) North Korean state-backed threat group Famous Chollima , also known as APT37 and Reaper, has published the malicious @validate-sdk/v2 npm package purporting to be a validation tool, which is associated with a code commit co-authored by Anthropic's Claude Opus model, to breach cryptocurrency wallets as part of the PromptMink campaign that has been underway for the past seven months, according to Infosecurity Magazine . Before the addition of the @validate-sdk/v2 package to an autonomous trading agent in February, Famous Chollima had already used a two-layer package strategy for clandestine compromise, with Web3 utility-spoofing packages seeking to lure developers as secondary dependencies enabled malware deployment, a report from ReversingLabs researchers showed. More than 300 versions of packages have already been used in the PromptMink campaign, whose payload evolved from initially focusing on sensitive data theft to eventual directory scanning for environment files and cryptocurrency-related data, system information siphoning, project folder compression prior to exfiltration, and SSH key injections for persistence. Famous Chollima's shift from JavaScript-based code to Rust-based payloads and compiled binaries has also enabled similar compromise across Windows and Linux systems. An In-Depth Guide to AI Get essential knowledge and practical strategies to use AI to better your security program. Learn More SC Staff Related Supply chain Supply chain attack against SAP npm packages facilitates credential theft SC Staff May 1, 2026 Threat actors have compromised four SAP npm packages with credential-stealing malware as part of the new mini Shai-Hulud supply chain intrusion campaign, The Hacker News reports. Data Security Vimeo confirms customer data accessed following Anodot breach SC Staff April 29, 2026 The breach was claimed by the ShinyHunters extortion group, which threatened to leak the data by April 30 if a ransom was not paid. Data Security Exposed Checkmarx data tied to March supply chain hack SC Staff April 29, 2026 Checkmarx has disclosed that its source code, API keys, MongoDB and MySQL credentials, and other sensitive information exposed by the Lapsus$ hacking operation were obtained from a GitHub repository that was breached as part of a supply chain attack by the TeamPCP threat group last month, according to The Register. Related Events Cybercast From code to cloud: Stopping attacks in the software supply chain On-Demand Event Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Account Harvesting Deauthentication Attack Defacement Denial of Service Dictionary Attack Distributed Scans Domain Hijacking Dumpster Diving Hybrid Attack Reconnaissance You can skip this ad in 5 seconds