NPM - SparTech Software

AI-generated malicious npm package targets Solana wallets. Drains crypto from 1,500 users before being taken down.

A newly discovered, AI-generated malicious npm package targeting Solana wallet users has resulted in significant cryptocurrency losses before it was taken down, exposing serious vulnerabilities in the software supply chain. Here’s a detailed overview of the incident and its broader implications.

Spartech Software August 1, 2025

Cybersecurity News

Hackers penetrate Toptal’s GitHub account and leverage their privileged access to inject malicious code into the npm registry.

In July 2025, prominent freelance talent platform Toptal grappled with a significant software supply chain breach after unknown threat actors penetrated its GitHub organization account. The repercussions of the attack extended far beyond source code exposure, as adversaries leveraged their privileged access to inject malicious components into the open-source ecosystem via the npm registry.

Spartech Software July 29, 2025

Cybersecurity News

Widely-used JavaScript utility package ‘is’ (and others) deliver malware through NPM package system.

In a significant software supply chain breach, the widely-used JavaScript utility package ‘is’, which receives over 2.8 million weekly downloads, was compromised and used to distribute malware through the NPM ecosystem.

Spartech Software July 23, 2025

United States	~59% of ransomware attacks globally Thousands per year
Poland	1,000+ per week
Russia	Highest cybercrime threat level
China	Thousands per year
India	115% surge in attacks Q2 2024
Ukraine	Significant surge since 2022
Brazil	Among top countries for blocked attacks
Mexico	65% of businesses hit in 2024
Germany	High targeted rate (EU)
France	High targeted rate (EU)

AS Name	ASN
Bharat Sanchar Nigam Ltd	9829
No.31,Jin-rong Street	4134
CHINA UNICOM China169 Backbone	4837
DigitalOcean, LLC	14061
HUAWEI INTERNATIONAL PTE. LTD.	136907
Amazon.com, Inc.	14618
Alibaba (US) Technology Co., Ltd.	45102
Google LLC	396982
Amazon.com, Inc.	16509
3xK Tech GmbH	200373

IP Address	Notable Exploits/Context
104.238.159.149	SharePoint zero-day, broad exploitation
107.191.58.76	SharePoint zero-day, government targets
96.9.125.147	SharePoint, previously Ivanti exploits
139.162.47.194	Exploits on CitrixBleed 2
38.180.148.215	CitrixBleed 2 campaigns
185.224.128.17	High activity, Netherlands
89.248.163.200	High activity, Netherlands
15.235.218.150	Associated with APT, active C2
45.9.148.114	Associated with C2, malicious netflow
91.107.150.184	C2 infrastructure, recent IoC