40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials

40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials

/in

Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers.
“The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling

The Hacker News – ​Read More

In 2 years, half of all service calls will be resolved by AI – surveyWindows 11 upgrade failed? These are my 4 most powerful troubleshooting sec...