MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
attack
Recherche

Hackers Hijack npm Packages With 2 Billion Weekly Downloads in Supply Chain Attack

lundi 8 septembre 2025, 21:25 , par Slashdot
Hackers Hijack npm Packages With 2 Billion Weekly Downloads in Supply Chain Attack
An anonymous reader shares a report: In what is being called the largest supply chain attack in history, attackers have injected malware into NPM packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a phishing attack.

The package maintainer whose accounts were hijacked in this supply-chain attack confirmed the incident earlier today, stating that he was aware of the compromise and adding that the phishing email came from support [at] npmjs [dot] help, a domain that hosts a website impersonating the legitimate npmjs.com domain.

In the emails, the attackers threatened that the targeted maintainers' accounts would be locked on September 10th, 2025, as a scare tactic to get them to click on the link redirecting them to the phishing sites.

Read more of this story at Slashdot.
Lire la suite sur Slashdot
https://it.slashdot.org/story/25/09/08/1843235/hackers-hijack-npm-packages-with-2-billion-weekly-dow...

Voir aussi

attack Jaguar Land Rover Extends Shutdown After Cyber Attack Slashdot 8 Sep
supply Drift massive attack traced back to loose Salesloft GitHub account TheRegister 8 Sep
chain Dev snared in crypto phishing net, 18 npm packages compromised TheRegister 8 Sep
weekly npm debug and chalk packages compromised (Aikido) LWN.net 8 Sep
downloads OpenAI Says Its Business Will Burn $115 Billion Through 2029 Slashdot 8 Sep
billion CISA sounds alarm over TP-Link wireless routers under attack TheRegister 8 Sep
npm Proposed $1.5 billion Anthropic copyright settlement raises questions about generative AI costs ComputerWorld 8 Sep
phishing Anthropic to pay at least $1.5 billion to authors whose work it knowingly pirated TheRegister 8 Sep
packages DistroWatch Weekly, Issue 1138 DistroWatch 8 Sep
them Chinese Hackers Impersonated US Lawmaker in Email Espionage Campaign Slashdot 7 Sep
domain Google’s €2.95 billion EC antitrust fine is just the beginning ComputerWorld 6 Sep
accounts Anthropic Agrees To Pay Record $1.5 Billion To Settle Authors' AI Lawsuit Slashdot 5 Sep
hackers Anthropic Agrees to Pay Authors at Least $1.5 Billion in AI Copyright Settlement Wired: Tech. 5 Sep
attackers Google Hit With $3.45 Billion EU Antitrust Fine Over Adtech Practices Slashdot 5 Sep
npmjs Is Meta’s $10 billion cloud deal a good idea for you? InfoWorld 5 Sep
attack [$] LWN.net Weekly Edition for September 4, 2025 LWN.net 4 Sep
supply Supermarket Giant Tesco Sues VMware, Warns Lack of Support Could Disrupt Food Supply Slashdot 3 Sep
chain Trump launches attack on offshore wind BoingBoing 3 Sep
weekly Cloudflare Stops New World's Largest DDoS Attack Over Labor Day Weekend Slashdot 3 Sep
downloads Windows 10 support costs could top $7 billion BetaNews 3 Sep
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Date Actuelle
mar. 9 sept. - 14:06 CEST