MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
attack
Search

Hackers Hijack npm Packages With 2 Billion Weekly Downloads in Supply Chain Attack

Monday September 8, 2025. 09:25 PM , from Slashdot
Hackers Hijack npm Packages With 2 Billion Weekly Downloads in Supply Chain Attack
An anonymous reader shares a report: In what is being called the largest supply chain attack in history, attackers have injected malware into NPM packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a phishing attack.

The package maintainer whose accounts were hijacked in this supply-chain attack confirmed the incident earlier today, stating that he was aware of the compromise and adding that the phishing email came from support [at] npmjs [dot] help, a domain that hosts a website impersonating the legitimate npmjs.com domain.

In the emails, the attackers threatened that the targeted maintainers' accounts would be locked on September 10th, 2025, as a scare tactic to get them to click on the link redirecting them to the phishing sites.

Read more of this story at Slashdot.
https://it.slashdot.org/story/25/09/08/1843235/hackers-hijack-npm-packages-with-2-billion-weekly-dow...

Related News

News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Current Date
Sep, Tue 9 - 19:56 CEST