Ethereum, Solana Wallets Targeted in ‘npm’ Attack With Billions of Downloads, Just 5 Cents Taken

A phishing email on Monday took down one of Node.js’s most prolific developers by pushing malicious code into packages downloaded billions of times a week, in what researchers call the largest software supply-chain attack in recent times. While the scope of the attack is massive, Security Alliance said in a Tuesday report that the attacker …

Not Even $50 Of Crypto Stolen From Large-Scale NPM Attack

Hackers have only managed to steal $50 worth of crypto from a massive supply chain hack affecting JavaScript software libraries, industry security researchers say. Crypto intelligence platform Security Alliance shared the findings on Monday after hackers broke into the node package manager (NPM) account of a well-known software developer and added malware to popular JavaScript …

Ledger CTO Warns of NPM Supply-Chain Attack Hitting 1B+ Downloads

Charles Guillemet, chief technology officer at hardware wallet maker Ledger, warned on X on Monday that a large-scale supply chain attack is underway after the compromise of a reputable developer’s Node Package Manager (NPM) account. According to Guillemet, the malicious code — already pushed into packages with over 1 billion downloads — is designed to …

NPM Attack Injects Crypto-Stealing Malware Into Core JavaScript Libraries

Hackers have compromised widely used JavaScript software libraries in what’s being called the largest supply chain attack in history. The injected malware is reportedly designed to steal crypto by swapping wallet addresses and intercepting transactions. According to several reports on Monday, hackers broke into the node package manager (NPM) account of a well-known developer and …