Securityaffairs.Co
PackageGate Vulnerabilities Affect Major JavaScript Package Managers
First seen 28 Jan 2026, 20:19 UTC
•
•100% similarity
•31.5
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
Koi researchers identified a set of vulnerabilities known as 'PackageGate' in NPM, PNPM, VLT, and Bun. These flaws allow attackers to bypass supply chain protections and execute malicious code, posing risks to users of these package managers. Microsoft has also issued emergency updates for a separate Office zero-day vulnerability, CVE-2026-21509.
ThreatCluster AI