{"id":218687,"date":"2025-07-25T04:15:09","date_gmt":"2025-07-25T09:15:09","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/07\/hackers-breach-toptal-github-account-publish-malicious-npm-packages"},"modified":"2025-07-25T04:15:09","modified_gmt":"2025-07-25T09:15:09","slug":"hackers-breach-toptal-github-account-publish-malicious-npm-packages","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/07\/hackers-breach-toptal-github-account-publish-malicious-npm-packages","title":{"rendered":"Hackers breach Toptal GitHub account, publish malicious npm packages"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/hackers-breach-toptal-github-account-publish-malicious-npm-packages.jpg\"><\/a><\/p>\n<p>Hackers compromised Toptal\u2019s GitHub organization account and used their access to publish ten malicious packages on the Node Package Manager (NPM) index.<\/p>\n<p>The packages included data-stealing code that collected GitHub authentication tokens and then wiped the victims\u2019 systems.<\/p>\n<p>Toptal is a freelance talent marketplace that connects companies with software developers, designers, and finance experts. The company also maintains internal developer tools and design systems, most notably Picasso, which they make available through GitHub and NPM.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hackers compromised Toptal\u2019s GitHub organization account and used their access to publish ten malicious packages on the Node Package Manager (NPM) index. The packages included data-stealing code that collected GitHub authentication tokens and then wiped the victims\u2019 systems. Toptal is a freelance talent marketplace that connects companies with software developers, designers, and finance experts. The [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[45,1492],"tags":[],"class_list":["post-218687","post","type-post","status-publish","format-standard","hentry","category-finance","category-security"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/218687","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=218687"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/218687\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=218687"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=218687"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=218687"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}