09:36
2026-06-04
stepsecurity.io
ai-infrastructure
Miasma NPM Supply Chain Attack: Self-Spreading Worm via Phantom Gyp
An attacker compromised 57 npm packages across 286+ malicious versions in a two-hour campaign on June 3, 2026, targeting the official Vapi.ai voice AI server SDK with 408,000+ monthly downloads and doโฆ