MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
attack
Search

Hackers Hijack npm Packages With 2 Billion Weekly Downloads in Supply Chain Attack

Monday September 8, 2025. 09:25 PM , from Slashdot
Hackers Hijack npm Packages With 2 Billion Weekly Downloads in Supply Chain Attack
An anonymous reader shares a report: In what is being called the largest supply chain attack in history, attackers have injected malware into NPM packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a phishing attack.

The package maintainer whose accounts were hijacked in this supply-chain attack confirmed the incident earlier today, stating that he was aware of the compromise and adding that the phishing email came from support [at] npmjs [dot] help, a domain that hosts a website impersonating the legitimate npmjs.com domain.

In the emails, the attackers threatened that the targeted maintainers' accounts would be locked on September 10th, 2025, as a scare tactic to get them to click on the link redirecting them to the phishing sites.

Read more of this story at Slashdot.
Read more at Slashdot
https://it.slashdot.org/story/25/09/08/1843235/hackers-hijack-npm-packages-with-2-billion-weekly-dow...

Related News

attack Self-Replicating Worm Affected Several Hundred NPM Packages, Including CrowdStrike's SlashdotSep 20
supply A Dangerous Worm Is Eating Its Way Through Software Packages Wired: Tech.Sep 20
chain Internal chaos after a cyberattack causes more damage than the attack itself BetaNewsSep 19
weekly Intel will design CPUs with Nvidia NVLink in return for $5 billion investment ComputerWorldSep 18
downloads Two Scattered Spider teens charged over attack on London’s transport network TheRegisterSep 18
billion Nvidia To Invest $5 Billion in Intel SlashdotSep 18
npm [$] LWN.net Weekly Edition for September 18, 2025 LWN.netSep 18
phishing US tech giants pledge $42 billion in UK investment as Trump tours Blighty TheRegisterSep 17
packages A lawsuit beyond parody: Trump's $15 billion fantasy filing is his craziest yet BoingBoingSep 17
them SparkyLinux 9 'Tiamat' arrives with updated kernel and software packages BetaNewsSep 17
domain Ruh-roh. DDR5 memory vulnerable to new Rowhammer attack TheRegisterSep 17
accounts Microsoft Announces $30 Billion Investment In AI Infrastructure, Operations In UK SlashdotSep 17
hackers Steam president faces weekly abuse in gaming community BoingBoingSep 16
attackers Self-propagating worm fuels latest npm supply chain compromise TheRegisterSep 16
npmjs Another npm supply-chain attack LWN.netSep 16
attack Airlines Sell 5 Billion Plane Ticket Records To the Government For Warrantless Searching SlashdotSep 15
supply Jaguar Land Rover supply chain workers must get Covid-style support, says union TheRegisterSep 15
chain DistroWatch Weekly, Issue 1139 DistroWatchSep 15
weekly 1,200 undergrads hung out to dry after jailbreak attack on laundry machines TheRegisterSep 12
downloads OpenAI and Oracle Ink Historic $300 Billion Cloud Computing Deal SlashdotSep 12
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Current Date
Sep, Tue 30 - 15:30 CEST