MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
attack
Recherche

Hackers Hijack npm Packages With 2 Billion Weekly Downloads in Supply Chain Attack

lundi 8 septembre 2025, 21:25 , par Slashdot
Hackers Hijack npm Packages With 2 Billion Weekly Downloads in Supply Chain Attack
An anonymous reader shares a report: In what is being called the largest supply chain attack in history, attackers have injected malware into NPM packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a phishing attack.

The package maintainer whose accounts were hijacked in this supply-chain attack confirmed the incident earlier today, stating that he was aware of the compromise and adding that the phishing email came from support [at] npmjs [dot] help, a domain that hosts a website impersonating the legitimate npmjs.com domain.

In the emails, the attackers threatened that the targeted maintainers' accounts would be locked on September 10th, 2025, as a scare tactic to get them to click on the link redirecting them to the phishing sites.

Read more of this story at Slashdot.
Lire la suite sur Slashdot
https://it.slashdot.org/story/25/09/08/1843235/hackers-hijack-npm-packages-with-2-billion-weekly-dow...

Voir aussi

attack Self-Replicating Worm Affected Several Hundred NPM Packages, Including CrowdStrike's Slashdot20 Sep
supply A Dangerous Worm Is Eating Its Way Through Software Packages Wired: Tech.20 Sep
chain Internal chaos after a cyberattack causes more damage than the attack itself BetaNews19 Sep
weekly Intel will design CPUs with Nvidia NVLink in return for $5 billion investment ComputerWorld18 Sep
downloads Two Scattered Spider teens charged over attack on London’s transport network TheRegister18 Sep
billion Nvidia To Invest $5 Billion in Intel Slashdot18 Sep
npm [$] LWN.net Weekly Edition for September 18, 2025 LWN.net18 Sep
phishing US tech giants pledge $42 billion in UK investment as Trump tours Blighty TheRegister17 Sep
packages Schools targeted by student hackers Zataz17 Sep
them Les écoles ciblées par des élèves hackers Zataz17 Sep
domain A lawsuit beyond parody: Trump's $15 billion fantasy filing is his craziest yet BoingBoing17 Sep
accounts Former Spanish Professor Hunted for Alleged Support of Pro-Russian Hackers Zataz17 Sep
hackers Un ex-professeur espagnol traqué pour son soutien présumé aux hackers prorusses Zataz17 Sep
attackers SparkyLinux 9 'Tiamat' arrives with updated kernel and software packages BetaNews17 Sep
npmjs Ruh-roh. DDR5 memory vulnerable to new Rowhammer attack TheRegister17 Sep
eacute Microsoft Announces $30 Billion Investment In AI Infrastructure, Operations In UK Slashdot17 Sep
attack Steam president faces weekly abuse in gaming community BoingBoing16 Sep
supply Self-propagating worm fuels latest npm supply chain compromise TheRegister16 Sep
chain Another npm supply-chain attack LWN.net16 Sep
weekly Airlines Sell 5 Billion Plane Ticket Records To the Government For Warrantless Searching Slashdot15 Sep
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Date Actuelle
mar. 30 sept. - 17:19 CEST