#NamastexLabs

New npm supply-chain attack self-spreads to steal auth tokens A new supply chain attack targeting the npm ecosystem has compromised multiple Namastex Labs packages to steal developer credentials and secrets while attempting to self-propagate. Researchers from Socket and StepSecurity observed credential theft, data exfiltration, and worm-like republishing behavior similar to TeamPCP's CanisterWorm, impacting packages such as pgserve and allowing cross-ecosystem spread to PyPI. #NamastexLabs #npm #CanisterWorm #pgserve #PyPI

A new npm supply-chain attack targets multiple Namastex Labs packages, stealing developer tokens and secrets while self-propagating across npm and PyPI ecosystems. Cross-ecosystem threats grow. #NamastexLabs #npmAttack #SupplyChain

Namastex.ai npm Packages Hit with TeamPCP-Style CanisterWorm Malware This report describes a worm-enabled npm supply-chain campaign that implanted install-time malware in multiple packages, harvested developer secrets and browser/wallet artifacts, exfiltrated data via an HTTPS webhook and an Internet Computer canister (cjn37-uyaaa-aaaac-qgnva-cai), and attempted self-propagation by republishing compromised packages and targeting PyPI. The activity shows strong tradecraft and code overlap with prior CanisterWorm incidents and is linked to TeamPCP–style supply chain attacks affecting packages tied to Namastex Labs' Automagik ecosystem. #TeamPCP #NamastexLabs

Namastex.ai npm packages compromised by TeamPCP-style CanisterWorm malware. Attack used install-time worms to harvest secrets, exfiltrate data via HTTPS webhook and Internet Computer canister, and targeted PyPI. #SupplyChain #NamastexLabs #USA