TI Mindmap HUB
Threat Intelligence Report

Malicious Postinstall Hook Found Across 700+ GitHub Repositories, Including Packagist and Node.js Projects

📅 May 24, 2026 📰 socket.dev 🔍 0 CVE(s) referenced

A coordinated supply chain attack injected a malicious postinstall script into over 700 GitHub repositories—including popular PHP and Node.js projects—enabling remote code execution by silently downloading and running an unverified binary during installation.

vendor

Sign in to access the full report including:
detailed analysis, IOCs, MITRE ATT&CK mapping, and STIX bundle.

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap
🎯 IOC Extraction
⚔️ MITRE ATT&CK TTPs
📦 STIX 2.1 Bundle