Bun is a tool tracked across 10 threat clusters and 21 intelligence report mentions on ThreatCluster. First observed November 24, 2025; most recent activity June 26, 2026.
A malicious version of the Bitwarden CLI password manager was distributed via npm, affecting version 2026.4.0 for a brief window on April 22, 2026. The attack exploited a compromised GitHub Action in Bitwarden's CI/CD…
A new supply chain attack, dubbed 'Mini Shai-Hulud', has compromised multiple npm packages related to SAP's Cloud Application Programming Model (CAP). This attack involves injecting malicious preinstall scripts into…
The NWHStealer infostealer has adopted a new distribution method utilizing the Bun JavaScript runtime, enhancing its delivery infrastructure. This Rust-based malware targets Windows systems, leveraging Bun's performance…
The Shai Hulud worm has compromised more than 26,000 public repositories in a supply chain attack. The attack targeted various npm packages, exploiting vulnerabilities that allowed unauthorized access to these…
On March 31, 2026, Anthropic inadvertently exposed the entire source code of its AI tool, Claude Code, by including a 59.8 MB source map file in a public npm package. This leak, caused by human error, allowed access to…
GitHub has released actions/checkout v7 to mitigate vulnerabilities associated with the pull_request_target workflow trigger, which has been exploited in 'pwn request' attacks. This update, announced on June 18, 2026,…
A critical vulnerability in Axios, tracked as CVE-2026-40175, was reported with a CVSS score of 9.9, suggesting potential for remote code execution (RCE) and cloud infrastructure compromise. However, analysis reveals…
The Shai-Hulud malware has re-emerged, infecting over 500 trojanized npm packages and compromising secrets from more than 25,000 developers within three days. The malicious packages, including those from popular…
Koi researchers identified a set of vulnerabilities known as 'PackageGate' in NPM, PNPM, VLT, and Bun. These flaws allow attackers to bypass supply chain protections and execute malicious code, posing risks to users of…
A new wave of the Shai-Hulud malware has compromised nearly 500 npm packages, affecting over 26,000 GitHub repositories. This self-replicating worm, which targets developers' credentials and secrets, has been linked to…