Tag: npm ecosystem
-
The Register: One line of malicious npm code led to massive Postmark email heist
Source URL: https://www.theregister.com/2025/09/29/postmark_mcp_server_code_hijacked/ Source: The Register Title: One line of malicious npm code led to massive Postmark email heist Feedly Summary: MCP plus open source plus typosquatting … what could possibly go wrong? A fake npm package posing as Postmark’s MCP (Model Context Protocol) server silently stole potentially thousands of emails a day by adding…
-
Unit 42: "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack
Source URL: https://unit42.paloaltonetworks.com/npm-supply-chain-attack/ Source: Unit 42 Title: "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack Feedly Summary: Self-replicating worm “Shai-Hulud” has compromised 180-plus software packages in a supply chain attack targeting the npm ecosystem. We discuss scope and more. The post “Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack appeared first on Unit…