supplychainattack.org · Supply chain attack incident catalog

active · critical

Mass npm Supply Chain Attack: 20 Leo Platform Packages Compromised

On June 24, 2026, an attacker published malicious versions of 20 npm packages belonging to the Leo Platform ecosystem in a coordinated attack. All packages contained an identical CI/CD attack toolkit designed to steal secrets from GitHub Actions runners, cloud credential stores, package registries, and password managers, then exfiltrate them via the victim's GitHub token.

Disclosed: June 24, 2026
Last updated: June 29, 2026
Blast radius: 20 npm packages in the Leo Platform ecosystem; approximately 13,600 downloads per week across affected packages
Ecosystems: npm
Attack vectors:
Affected entities:
  • Leo Platform packages: 20 packages compromised with identical CI/CD attack toolkit

On June 24, 2026, a coordinated supply chain attack targeted the Leo Platform ecosystem on npm. An attacker published malicious versions of 20 packages in a burst spanning less than three seconds, indicating a highly automated or pre-planned operation.

All 20 compromised packages carried an identical CI/CD attack toolkit. The malware is designed to steal sensitive credentials from multiple sources: GitHub Actions runners, cloud credential stores, package registries, and password managers. The stolen credentials are then exfiltrated using the victim's own GitHub token, potentially allowing the attacker to maintain persistence and access to downstream systems.

The affected packages collectively receive approximately 13,600 downloads per week, indicating significant exposure across the npm ecosystem. The coordinated nature of the attack and the shared malicious payload suggest a sophisticated threat actor with knowledge of the Leo Platform's package structure and distribution patterns.

Indicators of compromise

Packages
  • Leo Platform packages (20 packages, specific names not listed in source)

Remediation

  • Immediately audit and revoke any GitHub tokens and cloud credentials that may have been exposed on systems that installed the compromised packages
  • Review GitHub Actions logs and cloud provider audit logs for unauthorized access or credential usage during the compromise window
  • Update all Leo Platform packages to patched versions once available from the maintainers
  • Implement package signature verification and integrity checks in CI/CD pipelines
  • Monitor for suspicious credential usage or lateral movement from affected systems
  • Consider using secrets management solutions that limit credential exposure to CI/CD environments
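Two of the remediation items above, the integrity check for lockfiles and the monitoring for anomalous publishing activity, can be turned into a concrete pre-install check. The script below is an added example written for this entry; it is not code from supplychainattack.org, StepSecurity, or the Leo Platform maintainers. It assumes the npm registry's per-package `time` map (as returned by `npm view <pkg> time --json`) and a lockfile v3 `packages` map; the package names, timestamps and lockfile contents are constructed placeholders, and `burst_publishes` and `lockfile_findings` are hypothetical helper names.

```python
"""Added example (not from the catalog entry or StepSecurity): two defender-side
checks derived from the remediation list.

1. burst_publishes(): given npm registry metadata for several packages (the
   'time' map the registry returns per package), find versions published within a
   few seconds of each other across several packages. A burst like the
   sub-three-second one described in this entry points to a scripted compromise
   rather than a human release.
2. lockfile_findings(): scan a package-lock.json 'packages' map for entries that
   lack an 'integrity' hash, resolve to a non-registry URL, or match a burst version.

Package names, timestamps and the lockfile below are constructed placeholders.
"""
import json
from datetime import datetime

REGISTRY_PREFIX = "https://registry.npmjs.org/"


def parse_ts(s):
    # Registry timestamps are ISO 8601 with a trailing 'Z'; make them tz-aware.
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def burst_publishes(registry_meta, window_seconds=3.0, min_packages=3):
    """Return sorted (package, version, published_at) tuples that fall inside a
    window of `window_seconds` containing publishes from >= min_packages packages."""
    events = []
    for pkg, meta in registry_meta.items():
        for version, ts in meta.get("time", {}).items():
            if version in ("created", "modified"):  # non-version keys in 'time'
                continue
            events.append((parse_ts(ts), pkg, version))
    events.sort()
    flagged = set()
    start = 0
    for end in range(len(events)):  # sliding window over time-ordered events
        while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
            start += 1
        window = events[start:end + 1]
        if len({e[1] for e in window}) >= min_packages:
            flagged.update(window)
    return sorted((pkg, ver, ts.isoformat()) for ts, pkg, ver in flagged)


def lockfile_findings(lockfile, burst):
    """Scan a lockfile v2/v3 'packages' map; `burst` is burst_publishes() output."""
    burst_versions = {(pkg, ver) for pkg, ver, _ in burst}
    findings = []
    for path, entry in lockfile.get("packages", {}).items():
        if not path:  # the root project entry has an empty key
            continue
        name = path.split("node_modules/")[-1]  # handles nested node_modules paths
        version = entry.get("version")
        resolved = entry.get("resolved", "")
        if not entry.get("integrity"):
            findings.append((name, version, "missing integrity hash"))
        if resolved and not resolved.startswith(REGISTRY_PREFIX):
            findings.append((name, version, f"non-registry source: {resolved}"))
        if (name, version) in burst_versions:
            findings.append((name, version, "version published in a multi-package burst"))
    return findings


# Constructed registry metadata: three hypothetical packages published within two
# seconds of each other (the burst), plus one unrelated package minutes later.
SAMPLE_REGISTRY = {
    "@example-leo/core": {"time": {"created": "2025-01-01T00:00:00.000Z",
        "1.4.0": "2026-05-10T09:12:00.000Z", "1.4.1": "2026-06-24T13:02:10.100Z"}},
    "@example-leo/utils": {"time": {"0.9.2": "2026-04-02T11:00:00.000Z",
        "0.9.3": "2026-06-24T13:02:11.300Z"}},
    "@example-leo/cli": {"time": {"2.0.0": "2026-03-15T08:30:00.000Z",
        "2.0.1": "2026-06-24T13:02:12.000Z"}},
    "example-unrelated": {"time": {"3.1.0": "2026-06-24T13:05:00.000Z"}},
}

# Constructed lockfile: one burst version, one clean pin, one entry pulled from a
# non-registry mirror without an integrity hash.
SAMPLE_LOCKFILE = {
    "name": "example-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "version": "1.0.0"},
        "node_modules/@example-leo/core": {
            "version": "1.4.1",
            "resolved": "https://registry.npmjs.org/@example-leo/core/-/core-1.4.1.tgz",
            "integrity": "sha512-PLACEHOLDERHASH"},
        "node_modules/@example-leo/utils": {
            "version": "0.9.2",
            "resolved": "https://registry.npmjs.org/@example-leo/utils/-/utils-0.9.2.tgz",
            "integrity": "sha512-PLACEHOLDERHASH"},
        "node_modules/example-unrelated": {
            "version": "3.1.0",
            "resolved": "https://mirror.example.internal/example-unrelated-3.1.0.tgz"},
    },
}

if __name__ == "__main__":
    import sys
    # Pass a real package-lock.json path to scan it against the sample registry data.
    lock = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_LOCKFILE
    burst = burst_publishes(SAMPLE_REGISTRY)
    for finding in lockfile_findings(lock, burst):
        print("FINDING:", finding)
```

In a pipeline this would run before `npm ci`, with the registry metadata fetched per dependency via `npm view <pkg> time --json`; a burst finding or a missing integrity hash fails the job before any install script executes. Because the toolkit described above exfiltrates through the runner's own GitHub token, it also pays to give that token only the `permissions` the workflow actually needs, so a compromised step has little to steal.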

Sources

  1. Mass npm Supply Chain Attack: 20 Leo Platform Packages Compromised · StepSecurity

Cite this entry

"Mass npm Supply Chain Attack: 20 Leo Platform Packages Compromised." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed June 24, 2026; last updated June 29, 2026. https://supplychainattack.org/incident/mass-npm-supply-chain-attack-20-leo-platform-packages-compromised-kmcbmk


Related incidents

  1. active · critical

    The Worm That Keeps on Digging: TeamPCP Hits @antv in Latest Wave

    TeamPCP conducted a multi-ecosystem supply chain compromise targeting the @antv package and associated development infrastructure. The attack leveraged GitHub, NPM, and VSCode to steal credentials and establish persistence mechanisms.

    TeamPCP · npm · Other · Account takeover · Compromised package · Malicious maintainer
  2. active · critical

    Shai-Hulud: Here We Go Again. Mass npm Supply Chain Attack Hits the AntV Ecosystem

    A new wave of the Mini Shai-Hulud worm has compromised multiple npm packages across Alibaba's AntV data visualization ecosystem, including echarts-for-react and timeago.js. Stolen CI/CD secrets are being exfiltrated and dumped to thousands of public GitHub repositories as the attack spreads.

    Mini Shai Hulud · npm · Other · Compromised package · Account takeover
  3. active · critical

    TeamPCP's Mini Shai-Hulud Is Back: A Self-Spreading Supply Chain Attack Compromises TanStack npm Packages

    The Mini Shai-Hulud worm is actively compromising legitimate npm packages by hijacking CI/CD pipelines and stealing developer secrets. The attack was first detected by StepSecurity in official @tanstack packages and is spreading across the npm ecosystem in real time.

    TeamPCP · Mini Shai Hulud · npm · Other · Compromised package · Build-system compromise
  4. active · critical

    Shai-Hulud Worm Pivots to Multi-Cloud: intercom-client@7.0.4 Hijacked — 361,000 Weekly Downloads, AWS, GCP, and Azure Credentials Now in Scope

    The Shai-Hulud worm has hijacked intercom-client@7.0.4 (361,510 weekly downloads) via a compromised GitHub Actions OIDC publishing pipeline, 29 hours after compromising mbt@1.2.48 and @cap-js/sqlite@2.2.2. The worm is actively propagating through CI/CD infrastructure stolen from earlier victims, targeting multi-cloud credentials (AWS, GCP, Azure).

    Shai-Hulud · npm · Other · Compromised package · Build-system compromise · Account takeover