{ads}

Malware Injected into 6 npm Packages After Maintainer Tokens Stolen in Phishing Attack

Written By Sunday, 20 July 2025 Add Comment



July 20, 2025 at 03:10PM

Cybersecurity researchers have alerted to a supply chain attack that has targeted popular npm packages via a phishing campaign designed to steal the project maintainers' npm tokens. The captured tokens were then used to publish malicious versions of the packages directly to the registry without any source code commits or pull requests on their respective GitHub repositories. The list of affected

from The Hacker News https://ift.tt/G9mra8c

0 Response to "Malware Injected into 6 npm Packages After Maintainer Tokens Stolen in Phishing Attack"

Post a Comment

Subscribe to: Post Comments (Atom)

Article Top Ads

Central Ads Article 1

Middle Ads Article 2

Article Bottom Ads