20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

Updated on September 9, 2025

Multiple npm packages have been compromised as part of a software supply chain attack after a maintainer’s account was compromised in a phishing attack.

The attack targeted Josh Junon (aka Qix), who received an email message that mimicked npm (“support@npmjs[.]help”), urging them to update their update their two-factor authentication (2FA) credentials before September 10, 2025, by clicking on…

Read the rest of the story at Read More

Source: The Hacker News

July 21, 2025 Uncategorized

3,500 Websites Hijacked to Secretly Mine...

April 16, 2025 Uncategorized

Experts Uncover Four New Privilege Escal...

January 18, 2024 Uncategorized

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

Related posts

3,500 Websites Hijacked to Secretly Mine...

Experts Uncover Four New Privilege Escal...

MFA Spamming and Fatigue: When Security ...

Leave a Comment Cancel reply

Recent News

Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files

Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks

CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief

Scanning Activity on Palo Alto Networks Portals Jump 500% in One Day

Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer

Rhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography Payloads

Researchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTEL

Product Walkthrough: How Passwork 7 Addresses Complexity of Enterprise Security

New “Cavalry Werewolf” Attack Hits Russian Agencies with FoalShell and StallionRAT

CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild