News

Self-propagating supply chain attack hits 187 npm packages

Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated ...
The Register on MSN

Self-propagating worm fuels latest npm supply chain compromise

Intrusions bear the same hallmarks as recent Nx mess The npm platform is the target of another supply chain attack, with ...
CSOonline

Developer sabotages own npm module prompting open-source supply chain security questions

The node-ipc developer attempt to protest Russia's attack on Ukraine has the unintended consequence of casting more doubt in software supply chain integrity. The developer of a popular JavaScript ...
Threat Post

Dev Sabotages Popular NPM Package to Protest Russian Invasion

In the latest software supply-chain attack, the code maintainer added malicious code to the hugely popular node-ipc library to replace files with a heart emoji and a peacenotwar module. The developer ...

Hackers left empty-handed after massive NPM supply-chain attack

The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, ...
Infosecurity Magazine

Open Source Community Thwarts Massive npm Supply Chain Attack

What could have been a historic supply chain attack seems to have been averted due to the rapid response of the open source ...
Infosecurity-magazine.com

Malicious Npm Package Uses Typosquatting, Downloads Malware

A package called “aabquerys” has been spotted on the open-source JavaScript npm repository using typosquatting techniques to enable the download of malicious components. The findings come from ...