Hackers Hijack Toptal's GitHub to Spread Malicious npm Packages
Cybercriminals compromised Toptal's GitHub, publishing 10 malicious npm packages that stole tokens and wiped systems. Attack method unknown; Toptal has restored safe versions. Learn more about this supply chain attack.
By Content Team
Cybercriminals compromised Toptal's GitHub account and published 10 malicious npm packages that were downloaded 5,000 times before removal. The packages contained code designed to steal GitHub authentication tokens and completely wipe victim systems using destructive commands. All of the packages used the same preinstall and postinstall scripts, which sent stolen data to webhook endpoints before silently deleting files on Windows and Linux machines.
Toptal has since restored safe versions, but the attack method remains unknown. This follows similar supply chain attacks targeting npm and Python repositories with surveillanceware.
Source: The Hacker News