Malware Injected into 6 npm Packages After Maintainer Tokens Stolen in Phishing Attack

Source: The Hacker News | Added:

Cybersecurity researchers have reported a supply chain attack affecting popular npm packages, where maintainers' npm tokens were stolen through a phishing campaign. The attackers used these tokens to publish malicious versions of the packages without any source code changes on GitHub.

---

Impact: npm packages

In the Wild: Yes

Age: Newly disclosed

Remediation: Not specified

Read Full Original Article →