compromised packages – Experimental News Clipping Site

The Register: GitHub moves to tighten npm security amid phishing, malware plague

Sep 23, 2025

—

by

Source URL: https://www.theregister.com/2025/09/23/github_npm_registry_security/ Source: The Register Title: GitHub moves to tighten npm security amid phishing, malware plague Feedly Summary: Hundreds of compromised packages pulled as registry shifts to 2FA and trusted publishing GitHub, which owns the npm registry for JavaScript packages, says it is tightening security in response to recent attacks.… AI Summary and Description:…

The Register: Self-propagating worm fuels latest npm supply chain compromise

Sep 16, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/09/16/npm_under_attack_again/ Source: The Register Title: Self-propagating worm fuels latest npm supply chain compromise Feedly Summary: Intrusions bear the same hallmarks as recent Nx mess The npm platform is the target of another supply chain attack, with crims already compromising 187 packages and counting.… AI Summary and Description: Yes Summary: The text discusses a…

Krebs on Security: Self-Replicating Worm Hits 180+ Software Packages

Sep 16, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://krebsonsecurity.com/2025/09/self-replicating-worm-hits-180-software-packages/ Source: Krebs on Security Title: Self-Replicating Worm Hits 180+ Software Packages Feedly Summary: At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages…

Slashdot: Hackers Hijack npm Packages With 2 Billion Weekly Downloads in Supply Chain Attack

Sep 8, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/09/08/1843235/hackers-hijack-npm-packages-with-2-billion-weekly-downloads-in-supply-chain-attack?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Hackers Hijack npm Packages With 2 Billion Weekly Downloads in Supply Chain Attack Feedly Summary: AI Summary and Description: Yes Summary: The text reports on a significant supply chain attack that has compromised NPM packages, leading to malware injection into widely downloaded packages. This incident is notable for its…

Tag: compromised packages

The Register: GitHub moves to tighten npm security amid phishing, malware plague

The Register: Self-propagating worm fuels latest npm supply chain compromise

Krebs on Security: Self-Replicating Worm Hits 180+ Software Packages

Slashdot: Hackers Hijack npm Packages With 2 Billion Weekly Downloads in Supply Chain Attack