Skip to article
Security Alert
Emergent Story mode

Now reading

Overview

1 / 12 3 min 5 sources Multi-Source
Sources

Story mode

Security AlertMulti-Source6 sections

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

The world of software security is facing a series of challenges, from malware attacks on npm packages to issues with Windows 11 drivers and changes to GitHub's bug bounty program.

Read
3 min
Sources
5 sources
Domains
2
Sections
6

What Happened The world of software security is facing a series of challenges, from malware attacks on npm packages to issues with Windows 11 drivers and changes to GitHub's bug bounty program. In the latest incident,...

Story state
Deep multi-angle story
Evidence
What Happened
Coverage
6 reporting sections
Next focus
What Comes Next

Story step 1

Multi-Source

What Happened

The world of software security is facing a series of challenges, from malware attacks on npm packages to issues with Windows 11 drivers and changes...

Step
1 / 6

The world of software security is facing a series of challenges, from malware attacks on npm packages to issues with Windows 11 drivers and changes to GitHub's bug bounty program. In the latest incident, the AntV data visualization tool was compromised, with attackers publishing at least 637 malicious versions across 317 different npm packages in a 22-minute burst.

Continue in the field

Focused storyNearby context

Open the live map from this story.

Carry this article into the map as a focused origin point, then widen into nearby reporting.

Leave the article stream and continue in live map mode with this story pinned as your origin point.

  • Open the map already centered on this story.
  • See what nearby reporting is clustering around the same geography.
  • Jump back to the article whenever you want the original thread.
Open live map mode

Story step 2

Multi-Source

Malware Attacks on npm Packages

The npm registry has been hit by another fast-moving malware attack, this time targeting the widely-used AntV enterprise data visualization tool....

Step
2 / 6

The npm registry has been hit by another fast-moving malware attack, this time targeting the widely-used AntV enterprise data visualization tool. According to analysis by SafeDep, the attackers compromised the credentials of a high-value npm maintainer account, allowing them to publish malicious versions of popular packages.

  • The attack compromised 637 malicious versions across 317 different npm packages.
  • The affected packages include popular tools such as size-sensor, echarts-for-react, and timeago.js.
  • The attackers used a similar tactic to the previous Shai-Hulud campaign, which impacted TanStack and Mistral packages.

Story step 3

Multi-Source

Windows 11 Driver Quality to Improve in 2026

Microsoft plans to raise the quality bar of Windows 11 drivers, which "sit at the heart of every Windows experience" and connect the OS to hardware...

Step
3 / 6

Microsoft plans to raise the quality bar of Windows 11 drivers, which "sit at the heart of every Windows experience" and connect the OS to hardware and peripherals. The move comes after users reported a decrease in driver quality, with monthly updates causing BSODs or artifacts in games.

"When drivers are high quality, customers experience reliable, secure, performant devices. When drivers fail, customers experience it as a device problem, regardless of where the root cause sits." — Microsoft

Story step 4

Multi-Source

GitHub Scales Back Bug Bounties

GitHub is replacing cash bounties with swag rewards for reports with low security impact and asking researchers to stop submitting low-quality...

Step
4 / 6

GitHub is replacing cash bounties with swag rewards for reports with low security impact and asking researchers to stop submitting low-quality reports. The move comes after a sharp increase in submissions that don't demonstrate real security impact.

  • GitHub has seen a rise in submissions that identify hardening opportunities or documentation gaps.
  • The company is asking researchers to focus on high-impact reports and to stop submitting low-quality reports.

Story step 5

Multi-Source

Key Facts

What: Malware attacks on npm packages, Windows 11 driver quality improvement, changes to GitHub bug bounty program Impact: Hundreds of npm packages...

Step
5 / 6
  • What: Malware attacks on npm packages, Windows 11 driver quality improvement, changes to GitHub bug bounty program
  • Impact: Hundreds of npm packages compromised, concerns over software security

Story step 6

Multi-Source

What Comes Next

As the software security landscape continues to evolve, it's essential to stay vigilant and proactive. Users should be aware of the risks associated...

Step
6 / 6

As the software security landscape continues to evolve, it's essential to stay vigilant and proactive. Users should be aware of the risks associated with open-source software and take steps to protect themselves. Meanwhile, companies like Microsoft and GitHub must prioritize security and work to prevent similar incidents in the future.

Cited sources

Multi-Source

5 cited references across 2 linked domains.

References
5
Domains
2

5 cited references across 2 linked domains.

  1. Source 1 · Fulqrum Sources

    AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

  2. Source 2 · Fulqrum Sources

    GitHub scales back bug bounties, reminds users security is their responsibility too

  3. Source 3 · Fulqrum Sources

    New Shai-Hulud malware wave compromises 600 npm packages

Open source path

For sponsors

Security AlertDeep read

Reach readers following this story path.

Reach readers choosing Security Alert coverage with 5 cited references and a clear next-step path.

Evidence
5
Read
3 min

Package the article, desk, and newsletter path around readers already choosing this context.

Sponsor this context

Keep reporting

ContradictionsEvent arcNarrative drift

Open the deeper source boards.

Take the mobile reel into contradictions, event arcs, narrative drift, and the full source workspace.

  • Scan the cited sources and coverage list first.
  • Open contradiction and narrative drift checks after the first read.
  • Revisit the core evidence in What Happened.
Open source boards

Stay in the reporting trail

Open the source boards, cited outlets, and related analysis.

Jump from the app-style read into the deeper source path without losing your place in the story.

Open source pathBack to Security Alert
🔒 Security Alert

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

The world of software security is facing a series of challenges, from malware attacks on npm packages to issues with Windows 11 drivers and changes to GitHub's bug bounty program.

Sunday, June 21, 2026 • 3 min read • 5 source references

  • 3 min read
  • 5 source references

What Happened

The world of software security is facing a series of challenges, from malware attacks on npm packages to issues with Windows 11 drivers and changes to GitHub's bug bounty program. In the latest incident, the AntV data visualization tool was compromised, with attackers publishing at least 637 malicious versions across 317 different npm packages in a 22-minute burst.

Malware Attacks on npm Packages

The npm registry has been hit by another fast-moving malware attack, this time targeting the widely-used AntV enterprise data visualization tool. According to analysis by SafeDep, the attackers compromised the credentials of a high-value npm maintainer account, allowing them to publish malicious versions of popular packages.

  • The attack compromised 637 malicious versions across 317 different npm packages.
  • The affected packages include popular tools such as size-sensor, echarts-for-react, and timeago.js.
  • The attackers used a similar tactic to the previous Shai-Hulud campaign, which impacted TanStack and Mistral packages.

Windows 11 Driver Quality to Improve in 2026

Microsoft plans to raise the quality bar of Windows 11 drivers, which "sit at the heart of every Windows experience" and connect the OS to hardware and peripherals. The move comes after users reported a decrease in driver quality, with monthly updates causing BSODs or artifacts in games.

"When drivers are high quality, customers experience reliable, secure, performant devices. When drivers fail, customers experience it as a device problem, regardless of where the root cause sits." — Microsoft

GitHub Scales Back Bug Bounties

GitHub is replacing cash bounties with swag rewards for reports with low security impact and asking researchers to stop submitting low-quality reports. The move comes after a sharp increase in submissions that don't demonstrate real security impact.

  • GitHub has seen a rise in submissions that identify hardening opportunities or documentation gaps.
  • The company is asking researchers to focus on high-impact reports and to stop submitting low-quality reports.

Key Facts

  • What: Malware attacks on npm packages, Windows 11 driver quality improvement, changes to GitHub bug bounty program
  • Impact: Hundreds of npm packages compromised, concerns over software security

What Comes Next

As the software security landscape continues to evolve, it's essential to stay vigilant and proactive. Users should be aware of the risks associated with open-source software and take steps to protect themselves. Meanwhile, companies like Microsoft and GitHub must prioritize security and work to prevent similar incidents in the future.

Story pulse
Story state
Deep multi-angle story
Evidence
What Happened
Coverage
6 reporting sections
Next focus
What Comes Next

What Happened

The world of software security is facing a series of challenges, from malware attacks on npm packages to issues with Windows 11 drivers and changes to GitHub's bug bounty program. In the latest incident, the AntV data visualization tool was compromised, with attackers publishing at least 637 malicious versions across 317 different npm packages in a 22-minute burst.

Malware Attacks on npm Packages

The npm registry has been hit by another fast-moving malware attack, this time targeting the widely-used AntV enterprise data visualization tool. According to analysis by SafeDep, the attackers compromised the credentials of a high-value npm maintainer account, allowing them to publish malicious versions of popular packages.

  • The attack compromised 637 malicious versions across 317 different npm packages.
  • The affected packages include popular tools such as size-sensor, echarts-for-react, and timeago.js.
  • The attackers used a similar tactic to the previous Shai-Hulud campaign, which impacted TanStack and Mistral packages.

Windows 11 Driver Quality to Improve in 2026

Microsoft plans to raise the quality bar of Windows 11 drivers, which "sit at the heart of every Windows experience" and connect the OS to hardware and peripherals. The move comes after users reported a decrease in driver quality, with monthly updates causing BSODs or artifacts in games.

"When drivers are high quality, customers experience reliable, secure, performant devices. When drivers fail, customers experience it as a device problem, regardless of where the root cause sits." — Microsoft

GitHub Scales Back Bug Bounties

GitHub is replacing cash bounties with swag rewards for reports with low security impact and asking researchers to stop submitting low-quality reports. The move comes after a sharp increase in submissions that don't demonstrate real security impact.

  • GitHub has seen a rise in submissions that identify hardening opportunities or documentation gaps.
  • The company is asking researchers to focus on high-impact reports and to stop submitting low-quality reports.

Key Facts

  • What: Malware attacks on npm packages, Windows 11 driver quality improvement, changes to GitHub bug bounty program
  • Impact: Hundreds of npm packages compromised, concerns over software security

What Comes Next

As the software security landscape continues to evolve, it's essential to stay vigilant and proactive. Users should be aware of the risks associated with open-source software and take steps to protect themselves. Meanwhile, companies like Microsoft and GitHub must prioritize security and work to prevent similar incidents in the future.

Advertisement

Ad slot: in-article

Coverage tools

Sources, context, and related analysis

Source path

How this briefing, its cited outlets, and the next reporting move fit together

A compact source board that keeps the article legible while showing what supports the current read and what would most improve the coverage next.

Cited sources

0

Reading points

3

Source links

2

Next checks

1

Source map

From briefing to cited outlets to next reporting move

Source path ready

Story geography

Where this reporting sits on the map

Use the map-native view to understand what is happening near this story and what adjacent reporting is clustering around the same geography.

Geo context
0.00° N · 0.00° E Mapped story

This story is geotagged. Nearby related reporting is not ready yet, so the live map is the best next context check.

Continue in live map mode

Coverage at a Glance

5 sources

Compare coverage, inspect perspective spread, and open primary references side by side.

Linked Sources

5

Distinct Outlets

2

Viewpoint Center

Not enough mapped outlets

Outlet Diversity

Very Narrow
0 sources with viewpoint mapping 0 higher-credibility sources
Coverage is still narrow. Treat this as an early map and cross-check additional primary reporting.

Coverage Gaps to Watch

  • Thin mapped perspectives

    Most sources do not have mapped perspective data yet, so viewpoint spread is still uncertain.

  • No high-credibility anchors

    No source in this set reaches the high-credibility threshold. Cross-check with stronger primary reporting.

Read Across More Angles

Source-by-Source View

Search by outlet or domain, then filter by credibility, viewpoint mapping, or the most-cited lane.

Showing 5 of 5 cited sources with links.

Unmapped Perspective (5)

bleepingcomputer.com

Microsoft plans to improve Windows 11 driver quality in 2026

Open

bleepingcomputer.com

Unmapped bias Credibility unknown Dossier
bleepingcomputer.com

Microsoft blames undismissible Teams location prompts on macOS update

Open

bleepingcomputer.com

Unmapped bias Credibility unknown Dossier
bleepingcomputer.com

New Shai-Hulud malware wave compromises 600 npm packages

Open

bleepingcomputer.com

Unmapped bias Credibility unknown Dossier
csoonline.com

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

Open

csoonline.com

Unmapped bias Credibility unknown Dossier
csoonline.com

GitHub scales back bug bounties, reminds users security is their responsibility too

Open

csoonline.com

Unmapped bias Credibility unknown Dossier
Source-linked Fast briefing Contrast-aware

Emergent News uses automated assistance to gather, compare, and summarize coverage from 5 cited sources. Review the source list below before relying on the story.