00:00
2026-06-04
semgrep.dev
ai-safety
Miasma v2: Self-Spreading npm Worm Now Uses Malicious binding.gyp file and Compromises 57 Packages
A self-spreading npm worm called Miasma v2 compromised 57 packages across 286+ malicious versions by using a malicious binding.gyp file to trigger arbitrary code execution during npm install, without โฆ