<img height="1" width="1" style="display: none" alt="" src="https://px.ads.linkedin.com/collect/?pid=1098858&amp;fmt=gif">

Hackers Hijack Toptal's GitHub to Spread Malicious npm Packages

Cybercriminals compromised Toptal's GitHub, publishing 10 malicious npm packages that stole tokens and wiped systems. Attack method unknown; Toptal has restored safe versions. Learn more about this supply chain attack.
Content Team
By Content Team
Last updated:

Cybercriminals compromised Toptal's GitHub account and published 10 malicious npm packages that downloaded 5,000 times before removal. The packages contained code designed to steal GitHub authentication tokens and completely wipe victim systems using destructive commands. All packages targeted the same preinstall and postinstall scripts, sending stolen data to webhook endpoints before silently deleting files on Windows and Linux machines.

Toptal has since restored safe versions, but the attack method remains unknown. This follows similar supply chain attacks targeting npm and Python repositories with surveillanceware.

Source: The Hacker News
Share this article
Share on facebook Share on linkedin Share on twitter Share on email
blog_book_a_demo_cta_3x
Have questions about protecting your software?
Our escrow experts are standing by to help.
Book a free demo
YOU MAY ALSO LIKE
Vulnerabilities
Apple Patches Safari Flaw Previously Exploited Against Chrome Users
Aug 9, 2025
Vulnerabilities
SonicWall Investigates Suspected Zero-Day as Hackers Bypass MFA on Firewalls
Aug 9, 2025
Cyberattacks
Hackers Hit U.S. Chemical Company Through SAP Security Flaw
Aug 9, 2025
Vulnerabilities
Chinese Hackers Exploit VMware Flaws to Break Into Isolated Networks
Aug 9, 2025