Hackers Hijack npm Packages With 2 Billion Weekly Downloads in Supply Chain Attack


An anonymous reader shares a report: In what is being called the largest supply chain attack in history, attackers have injected malware into NPM packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a phishing attack. The package maintainer whose accounts were hijacked in this supply-chain attack confirmed the incident earlier today, stating that he was aware of the compromise and adding that the phishing email came from support [at] npmjs [dot] help, a domain that hosts a website impersonating the legitimate npmjs.com domain. In the emails, the attackers threatened that the targeted maintainers' accounts would be locked on September 10th, 2025, as a scare tactic to get them to click on the link redirecting them to the phishing sites.

Read this on Slashdot