Massive NPM Package Supply Chain Attack: Millions of Downloads Compromised
2025-09-09

A significant supply chain attack targeted the npm ecosystem, compromising multiple packages with over 2.6 billion weekly downloads. Attackers used phishing emails to gain access to a maintainer's account and then injected malware into several widely used packages. The malware runs in the browser, intercepts cryptocurrency transactions, and redirects funds to attacker-controlled wallets. Although npm has removed some of the malicious versions, the incident highlights the fragility of software supply chains and the growing threat of phishing and browser-based attacks. The impact was limited somewhat because only users who performed fresh installs during a narrow time window received the malicious versions.
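Because only fresh installs inside the publication window picked up the malicious versions, the first question for a response team is whether any copy of an affected version, top-level or nested, is pinned in a project's lockfile. The audit below is an added example, not code from this page or from npm; the package names and versions in COMPROMISED are constructed placeholders, since the page names none, and it handles both the flat lockfile v2/v3 layout and the nested v1 tree.

```python
import json

# Constructed placeholder: package@version pairs to treat as compromised.
# The real list comes from the advisory; this page names no packages or versions.
COMPROMISED = {
    "example-pkg-a": {"4.2.1"},
    "@example/pkg-b": {"1.9.0", "1.9.1"},
}

def _walk_v1(deps, prefix, hits, compromised):
    """Recurse through a lockfileVersion 1 nested 'dependencies' tree."""
    for name, meta in deps.items():
        path = f"{prefix}node_modules/{name}"
        if meta.get("version") in compromised.get(name, ()):
            hits.append((path, name, meta["version"]))
        _walk_v1(meta.get("dependencies", {}), path + "/", hits, compromised)

def find_compromised(lockfile, compromised=COMPROMISED):
    """Return sorted (install path, name, version) triples for every copy of a
    compromised version, including nested duplicates a top-level listing hides."""
    hits = []
    packages = lockfile.get("packages")
    if packages is not None:  # lockfileVersion 2/3: flat map keyed by install path
        for path, meta in packages.items():
            if not path:
                continue  # the "" key is the root project itself
            name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
            if meta.get("version") in compromised.get(name, ()):
                hits.append((path, name, meta["version"]))
    else:  # lockfileVersion 1: nested tree
        _walk_v1(lockfile.get("dependencies", {}), "", hits, compromised)
    return sorted(hits)

# Constructed sample package-lock.json (v3 layout): one clean top-level copy of
# example-pkg-a, a bad nested copy of it, and a bad copy of @example/pkg-b.
SAMPLE_LOCK = json.loads("""{
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "my-app", "version": "1.0.0"},
    "node_modules/example-pkg-a": {"version": "4.2.0"},
    "node_modules/@example/pkg-b": {"version": "1.9.1"},
    "node_modules/other/node_modules/example-pkg-a": {"version": "4.2.1"}
  }
}""")

if __name__ == "__main__":
    for path, name, version in find_compromised(SAMPLE_LOCK):
        print(f"COMPROMISED {name}@{version} installed at {path}")
```

Point it at a real package-lock.json with `find_compromised(json.load(open("package-lock.json")))`; a clean top-level entry does not clear a project, because a nested copy under another dependency is still installed and loaded.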
Development