{ads}

40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials

Written By Monday, 15 September 2025 Add Comment



September 16, 2025 at 10:30AM

Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers. "The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling

from The Hacker News https://ift.tt/e4TRq6D

0 Response to "40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials"

Post a Comment

Subscribe to: Post Comments (Atom)

Article Top Ads

Central Ads Article 1

Middle Ads Article 2

Article Bottom Ads