MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
packages
Recherche

npm debug and chalk packages compromised (Aikido)

lundi 8 septembre 2025, 19:45 , par LWN.net
The Aikido blog describes
an apparently ongoing series of phishing attacks against npm package
maintainers, resulting in the uploading of compromised versions of heavily
used packages:

All together, these packages have more than 2 billion downloads per
week.

The packages were updated to contain a piece of code that would be
executed on the client of a website, which silently intercepts
crypto and web3 activity in the browser, manipulates wallet
interactions, and rewrites payment destinations so that funds and
approvals are redirected to attacker-controlled accounts without
any obvious signs to the user.
Lire la suite sur LWN.net
https://lwn.net/Articles/1037167/

Voir aussi

packages Hackers Hijack npm Packages With 2 Billion Weekly Downloads in Supply Chain Attack Slashdot 8 Sep
compromised Dev snared in crypto phishing net, 18 npm packages compromised TheRegister 8 Sep
npm The Duty-Free Loophole Is Closing. What That Means for You—and Your Packages Wired: Tech.28 Aug
aikido Nx NPM packages poisoned in AI-assisted supply chain attack TheRegister27 Aug
debug Survey Finds More Python Developers Like PostgreSQL, AI Coding Agents - and Rust for Packages Slashdot25 Aug
chalk Microsoft is Trying To Poach Meta AI Talent and Offering Multimillion-Dollar Pay Packages Slashdot12 Aug
packages Rust's Annual Tech Report: Trusted Publishing for Packages and a C++/Rust Interop Strategy Slashdot10 Aug
compromised Tailor drew chalk portraits on fabric BoingBoing 5 Aug
npm [$] Debian grapples with offensive packages, again LWN.net 4 Aug
aikido Trump Ends Tariff Exemption for Small Packages Wired: Tech.31 Jul
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Date Actuelle
mar. 9 sept. - 19:56 CEST