Phishing Campaign Leveraging the NPM Ecosystem
Source
SnykPhishing Campaign Leveraging the NPM Ecosystemsnyk.ioYou might also wanna read
Crates.io Targeted by Phishing Attempt Following npm Supply Chain Attack
The article discusses a phishing attempt targeting crates.io, the main public repository for Rust packages, following a recent npm supply ch

September 2025 NPM supply-chain attack compromises popular JavaScript packages
In September 2025, a coordinated software supply-chain attack targeted multiple popular NPM packages in the JavaScript ecosystem. The attack
176 malicious npm packages used dependency confusion to target internal dependencies and steal credentials
Sonatype researchers uncovered a campaign involving 176 malicious npm packages using a dependency confusion attack strategy. Attackers publi
Major NPM Supply Chain Attack: Over 1,000 Packages Infected via Fake Bun Runtime
A major cybersecurity incident occurred where over 1,000 NPM packages and 27,000+ GitHub repositories were infected within hours via a fake
NPM Package Author "qix" Compromised in Ongoing Supply Chain Phishing Attack
This article discusses the ongoing issue of phishing attacks targeting NPM package authors, specifically focusing on a compromised author na
Major NPM Supply Chain Attack: @ctrl/tinycolor and 40+ Packages Compromised with Self-Propagating Malware
A sophisticated supply chain attack has compromised the popular @ctrl/tinycolor NPM package (with over 2 million weekly downloads) along wit

Comments
Sign in to join the conversation.
No comments yet. Be the first.