MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
supply
Search

Supply chain attack compromises NPM packages to spread backdoor malware

Friday July 25, 2025. 03:32 AM , from InfoWorld
In a newly discovered supply chain attack, attackers last week targeted a range of NPM-hosted JavaScript type testing utilities, several of which were successfully compromised to distribute malware.

Anyone automatically downloading these packages would have been exposed to a backdoor supply chain attack until cleaned versions were installed.

In one example on July 19, attackers loaded the popular is NPM JavaScript type testing utility with malware that went unnoticed for six hours. The bad news was delivered by maintainer Jordan Harband in a post on Bluesky:
Read more at InfoWorld
https://www.csoonline.com/article/4028412/supply-chain-attack-compromises-npm-packages-to-spread-bac...

Related News

supply Freelance dev shop Toptal caught serving malware after GitHub account break-in TheRegisterJul 25
malware Euro healthcare giant AMEOS Group shuts down IT systems after mystery attack TheRegisterJul 24
attack Coyote malware abuses Microsoft's UI Automation to hunt banking creds TheRegisterJul 24
chain Not pretty, not Windows-only: npm phishing attack laces popular packages with malware TheRegisterJul 24
packages Arch Linux users told to purge Firefox forks after AUR malware scare TheRegisterJul 22
backdoor Malicious packages uploaded to the Arch Linux AUR LWN.netJul 22
npm Hackers Exploit a Blind Spot By Hiding Malware Inside DNS Records SlashdotJul 21
testing UK Backing Down on Apple Encryption Backdoor After Pressure From US SlashdotJul 21
type Microsoft patches under-attack SharePoint 2019 and SE TheRegisterJul 21
javascript MSRT vs. MSERT: Using Microsoft native malware handlers ComputerWorldJul 21
attackers Microsoft patches failed to fix on-prem SharePoint, which is now under zero-day attack TheRegisterJul 21
were UK uncovers novel Microsoft snooping malware, blames and sanctions GRU cyberspies TheRegisterJul 20
compromises Google Spots Tailored Backdoor Malware Aimed At SonicWall Appliances SlashdotJul 18
spread MCP server announced for JFrog supply chain management platform InfoWorldJul 17
supply Hackers Are Finding New Ways to Hide Malware in DNS Records Wired: Tech.Jul 17
malware Outdated printer firmware can leave organizations open to attack BetaNewsJul 17
attack Matanbuchus 3.0 is a serious malware threat spread via Microsoft Teams BetaNewsJul 17
chain Crims hijacking fully patched SonicWall VPNs to deploy stealthy backdoor and rootkit TheRegisterJul 16
packages Apple to pour $500M into US rare earth supply for iPhones ComputerWorldJul 15
backdoor A Never-Ending Supply of Drones Has Frozen the Front Lines in Ukraine SlashdotJul 13
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Current Date
Jul, Sat 26 - 14:00 CEST