资讯

Security Boulevard2 天

How One Phishing Email Compromised 18 npm Packages and Billions of Installs

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...
Securities.io5 小时

NPM Supply-Chain Attack: What Happened and How to Fix It

Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to ...

Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...
Cyber Daily2 天

18 popular JavaScript code packages hacked to spread malware

Multiple npm packages have been compromised by a phishing attack in an attempt to spread crypto malware to billions of victims.
Developer Tech2 天

Escalating npm supply chain malware attack drains crypto wallets

An escalating npm supply chain attack has compromised dozens of foundational JavaScript packages to spread malware and drain ...