Hoşgeldiniz June edition of the Xygeni Malicious Code Digest. This month, our security research team confirmed more than 645 kötü amaçlı paket across npm, PyPI, and (for the first time) the VSCode extension marketplace.
June was defined by three converging trends: sustained version-flooding campaigns designed to outlast blocklists, a sharp acceleration in attacks targeting AI tooling and agentic development workflows, and coordinated dependency confusion attacks against internal monorepo namespaces.
Among the most notable campaigns documented this month:
- hassasiyet flooded npm with over 70 versions across the 2.5.x range, a sustained evasion campaign republishing continuously to stay ahead of takedowns.
- A two-wave Solana typosquat campaign (June 7–8) published 15 packages impersonating
@solana-labsecosystem tooling, targeting Web3 and DeFi developers directly. - houzidawang806 accounted for over 25 versions in a single day (June 13), joined by metrikler-pipeline-d8k2 republished across 21 versions between June 15–18.
- MKS CryptoDAO Confusion campaign (June 17) published 11 packages at version 99.99.99, each carrying an identical postinstall payload sweeping CI/CD tokens, cloud credentials, and crypto wallet secrets.
- The week of June 20–26 brought the most concentrated AI tooling targeting of the month: ollama-yardımcıları (20 versiyon), açık yapay zeka-ajanları-yardımcıları (23 versiyon), monoclaude, yapay zeka SDK yardımcıları, ve @langgraphjs/toolkit, all confirmed in a single week, directly targeting Ollama, OpenAI agents SDK, LangGraph, and Claude API integrations.
- Two confirmed malicious VSCode extensions appeared this month, signaling that attackers are expanding beyond package registries into the developer environment itself.
The defining pattern of June: attacks are moving into IDE extensions, AI agent tooling, and agentic workflows where a malicious package installed autonomously has no human reviewer between infection and execution.
This monthly update is part of Xygeni’s ongoing malware and supply chain threat research initiative. For full context across every malicious package confirmed this month, explore the complete June Malicious Code Digest and related research from the Xygeni Security Team.
4. Hafta: 201'den Fazla Paket Keşfedildi
| Ekosistem | paket | Tarih |
|---|---|---|
| Haziran 20, 2026 | ||
| npm | panrouter:5.0.2 + 30 versions across 5.x–6.x range through Jun 22 — dominant campaign of the week | Haziran 20, 2026 |
| npm | trimprompt:1.0.5 + 4 versions — continuation from previous week, still active | Haziran 20, 2026 |
| npm | monoclaude:1.0.1 + 2 versions — Claude API tooling impersonation | Haziran 20, 2026 |
| vs kodu | orbit-agent-pair-programming-for-smalltalk:1.206.0 + 1 version — malicious VSCode extension targeting agentic development | Haziran 20, 2026 |
| npm | simplisafe-gatsby:1.0.1 Smart home platform namespace impersonation | Haziran 20, 2026 |
| Haziran 21, 2026 | ||
| npm | atlasora-paylaşılan:1.0.0 + 6 packages — coordinated monorepo dependency confusion: atlasora-api, -client, -sdk, -types, -utils, -config | Haziran 21, 2026 |
| npm | apintergrationpost:4.0.2 + 6 versions — deliberate misspelling campaign targeting integration tooling | Haziran 21, 2026 |
| npm | llm-traces-app:1.0.1 LLM observability tooling targeted | Haziran 21, 2026 |
| pipi | d0rk3r-telemetri:1.0.0 Obfuscated telemetry package in PyPI | Haziran 21, 2026 |
| Haziran 22, 2026 | ||
| pipi | tm-ai:2.91.75 + 7 versions — sustained PyPI version flooding campaign | Haziran 22, 2026 |
| pipi | istek-önbelleği-py:1.0.4 + 6 versions — PyPI version flooding | Haziran 22, 2026 |
| pipi | corvinos:0.17.0 + 6 versions — PyPI bulk registration campaign | Haziran 22, 2026 |
| Haziran 23, 2026 | ||
| npm | web3-token-yardımcısı:1.1.1 + 2 versions — Web3 token utility targeting | Haziran 23, 2026 |
| npm | monokros:1.0.1 + 1 version — mono-* naming cluster alongside monoclaude and monotacos | Haziran 23, 2026 |
| Haziran 24, 2026 | ||
| npm | ollama-yardımcıları:0.1.0 + 19 versions — largest AI tooling campaign of the month, targeting Ollama local AI runtime | Haziran 24, 2026 |
| npm | openai-agents-helpers:0.1.1 + 22 versions — coordinated campaign targeting OpenAI agents SDK ecosystem | Haziran 24, 2026 |
| Haziran 25, 2026 | ||
| npm | yapay zeka-sdk-yardımcıları:1.4.3 AI SDK tooling targeted alongside @langgraphjs/toolkit:1.2.11 | Haziran 25, 2026 |
| npm | kayıt-gömücü:99.99.99-poc3 + hs-locale-management — HubSpot internal namespace dependency confusion, poc suffix confirms active research campaign | Haziran 25, 2026 |
| Haziran 26, 2026 | ||
| npm | kolay-tel-kit:1.0.1 + 8 versions including variant easy-string-kit232 — bulk registration under generic utility name | Haziran 26, 2026 |
| npm | güvenli olmayan kötü amaçlı paket:1.0.0 + 5 versions — package explicitly named as malicious, confirmed payload, likely test or provocation campaign | Haziran 26, 2026 |
| npm | @vpms/tasarım-sistemi:1.1.2 + 2 versions — design system namespace impersonation | Haziran 26, 2026 |
3. Hafta: 200'den Fazla Paket Keşfedildi
| Ekosistem | paket | Tarih |
|---|---|---|
| Haziran 13, 2026 | ||
| npm | houzidawang806:1.0.0 + 25 versions across 1.0.x–1.2.x including siblings houzidawang807 and houzidawang808 — dominant campaign of the week | Haziran 13, 2026 |
| npm | friendly-greeter-demo:1.0.2 + 4 versions — persistent campaign reappearing across multiple days | Haziran 13, 2026 |
| npm | tsc-ai:1.2.0 tsc-* cluster: tsc-ai, tsc-mesh, tsc-lotl — CI tooling namespace impersonation | Haziran 13, 2026 |
| pipi | neuralbridge-sdk:4.5.4 + 6 versions across 4.5.x–5.1.x — sustained multi-day PyPI campaign | Haziran 13, 2026 |
| Haziran 15, 2026 | ||
| npm | token-prices-cron:999.0.0 + 6 packages — DeFi infrastructure dependency confusion cluster targeting internal cron and vault tooling | Haziran 15, 2026 |
| Haziran 16, 2026 | ||
| npm | bodega-sdk:9.9.9 + 8 packages — DeFi lending and Cardano ecosystem cluster: flow-lending, surf-lending, janus-*, flowcardano, flowdefi | Haziran 16, 2026 |
| npm | olay-ölçütleri-q3x7:1.0.0 + 8 versions — generic hex-suffix package registering bulk monitoring-themed names | Haziran 16, 2026 |
| npm | nic-datagov:1.0.0 + 3 packages — government data platform namespace impersonation: ogd-analytics, ogd-platform, dms-backend | Haziran 16, 2026 |
| Haziran 17, 2026 | ||
| npm | cryptodao-contracts:99.99.99 + 10 packages — CryptoDAO dependency confusion: core, sdk, bot, config, utils, deploy, signer, backend, types | Haziran 17, 2026 |
| pipi | teambot-ai:1.48.0 AI agent tooling targeted in PyPI | Haziran 17, 2026 |
| Haziran 18, 2026 | ||
| npm | metrikler-pipeline-d8k2:1.0.0 + 20 versions across Jun 18 — sustained single-day evasion campaign, republishing continuously to outlast blocklists | Haziran 18, 2026 |
| npm | tarama-sadece:0.4.5 + 6 versions — version flooding campaign | Haziran 18, 2026 |
| npm | renk-araçları-dee0:1.0.0 + 5 generic hex-suffix packages: data-utils, string-tools, type-check, fmt-helpers, metrics-probe — scripted bulk registration | Haziran 18, 2026 |
| npm | @azure-lab-services/ml-ts:99.0.0 Azure ML namespace impersonation | Haziran 18, 2026 |
| Haziran 19, 2026 | ||
| npm | trimprompt:1.0.2 + trimprompt-hub — prompt engineering tooling targeted | Haziran 19, 2026 |
| npm | claude-cup:0.8.6 Claude API tooling impersonation | Haziran 19, 2026 |
| pipi | aidaddin-agent:0.1.0 AI agent tooling targeted in PyPI | Haziran 19, 2026 |
| npm | web3-crypto-address-utils:0.1.0 Web3 utility targeting | Haziran 19, 2026 |
2. Hafta: 135'den Fazla Paket Keşfedildi
| Ekosistem | paket | Tarih |
|---|---|---|
| Haziran 7, 2026 | ||
| npm | @solana-labs/web3.js:1.0.0 + 5 variants — Solana ecosystem typosquat campaign, first wave | Haziran 7, 2026 |
| npm | @jisan901/teamfocus:1.0.0 + 2 versions | Haziran 7, 2026 |
| npm | @sflyinc-knapsack/shutterfly-react:999.0.0 Dependency confusion, inflated version | Haziran 7, 2026 |
| Haziran 8, 2026 | ||
| npm | @solana-labs/web3.js:1.98.102 + 9 variants — Solana ecosystem typosquat campaign, second wave | Haziran 8, 2026 |
| pipi | helixagentai:0.1.3 AI agent tooling targeted in PyPI | Haziran 8, 2026 |
| Haziran 9, 2026 | ||
| npm | @nstrlabs/sdk:99.0.0 + 7 packages — dependency confusion against internal monorepo namespace | Haziran 9, 2026 |
| npm | @klapp-login-platform/native-sdk:99.0.0 + 9 packages — authentication platform impersonation across multiple klapp namespaces | Haziran 9, 2026 |
| npm | blockchain-helper-0:1.0.0 + 7 packages — crypto/DeFi utility cluster targeting Web3 developers | Haziran 9, 2026 |
| npm | @card-pci-data/store:99.0.0 Payment card data namespace targeted | Haziran 9, 2026 |
| Haziran 10, 2026 | ||
| npm | morningstar-design-system:99.0.0 + 2 versions — financial design system impersonation | Haziran 10, 2026 |
| Haziran 11, 2026 | ||
| npm | pocteszep:1.0.1 + 5 versions published same day | Haziran 11, 2026 |
| npm | @coze-common/chat-area:99.1.1 AI chat platform namespace impersonation | Haziran 11, 2026 |
| pipi | telegramlite:1.0.0 + 1 version — messaging platform impersonation in PyPI | Haziran 11, 2026 |
| Haziran 12, 2026 | ||
| npm | ecto-corsair-whisper-6f3b9:1.0.18 + 7 ecto-* variants — obfuscated name cluster | Haziran 12, 2026 |
| npm | internallib_v984:1.0.3 + internallib_v557 cluster — 13 versions of internal library impostors | Haziran 12, 2026 |
| npm | voyager-web:999.0.0 Dependency confusion, inflated version | Haziran 12, 2026 |
| pipi | cdjeez:0.32.0 | Haziran 12, 2026 |
1. Hafta: 118'den Fazla Paket Keşfedildi
| Ekosistem | paket | Tarih |
|---|---|---|
| Mayıs 30, 2026 | ||
| npm | @cloudplatform-single-spa/administration:99.99.100 Dependency confusion, inflated version | Mayıs 30, 2026 |
| vs kodu | xampp-manager:5.1.3 VSCode extension — developer tool impersonation | Mayıs 30, 2026 |
| Haziran 1, 2026 | ||
| npm | @tse-digital/core:99.0.0 Dependency confusion — @telenor-se and @ownit also hit | Haziran 1, 2026 |
| npm | cms-storehub:1.3.4 + 2 versions, CMS namespace cluster | Haziran 1, 2026 |
| npm | @antoncallahan/aws-user-helper:6767.67.69 + 6 versions, inflated version numbers targeting AWS credentials | Haziran 1, 2026 |
| npm | hastabelgeleri:75.0.0 Healthcare namespace target | Haziran 1, 2026 |
| npm | @emcd-vue/auth:6.4.9 Crypto exchange namespace impersonation | Haziran 1, 2026 |
| pipi | simtooreal-cli:0.3.0 | Haziran 1, 2026 |
| Haziran 2, 2026 | ||
| npm | hassasiyet: 2.5.8 + 70 versions across 2.5.x range, Jun 2–5 — dominant campaign of the period | Haziran 2, 2026 |
| npm | @langgraphjs/toolkit:1.2.10 LangGraph tooling targeted | Haziran 2, 2026 |
| Haziran 4, 2026 | ||
| npm | @sentry-browser-sdk/profiling-node:1.0.1 + 2 versions, Sentry namespace impersonation | Haziran 4, 2026 |
| npm | internallib_v346:1.0.3 + 2 versions, internal library impostor | Haziran 4, 2026 |
| npm | yapay zeka-sdk-yardımcıları:0.2.1 + 7 versions, targeting AI SDK tooling | Haziran 4, 2026 |
Stop Malicious Code Before It Reaches Your Pipeline
Software supply chain threats have moved well past theoretical. Dependency confusion attacks, credential stealers, AI-targeted malware, and poisoned developer tooling are hitting real teams in real SDLCs every week.
Xygeni'nin kötü amaçlı yazılım algılama hem de supply chain security platform gives organizations the visibility to catch malicious dependencies before they execute on a developer machine, enter a build system, or reach production. Coverage spans npm, PyPI, VSCode, and beyond, monitoring for suspicious publishing patterns, namespace abuse, typosquatting, and AI-native attack techniques as they emerge.
Every finding is automatically prioritized by exploitability, reachability, and business impact, so your team focuses on what actually needs fixing, not noise.
Whether it’s a malicious open-source package, a compromised developer tool, or an AI-generated code risk, Xygeni keeps security and engineering teams one step ahead of the supply chain threat landscape.
Explore every malicious package and campaign validated by the Xygeni Security Team in the Kötü Amaçlı Kod Özeti.
Xygeni ile güvende kalın. Hızlı kalın. Kontrolü elinizde tutun.




