All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Phishing Campaign Leveraging the NPM Ecosystem

9mo agoen

Source

SnykPhishing Campaign Leveraging the NPM Ecosystemsnyk.io
Snippet from the RSS feed
A new phishing campaign weaponizes NPM and the unpkg CDN. Over 175 throwaway packages are used to host scripts that redirect users to credential-harvesting sites. The attack targets enterprise employees through the browser, not developers at install time.

You might also wanna read

Crates.io Targeted by Phishing Attempt Following npm Supply Chain Attack

The article discusses a phishing attempt targeting crates.io, the main public repository for Rust packages, following a recent npm supply ch

fasterthanli.me·9mo ago

September 2025 NPM supply-chain attack compromises popular JavaScript packages

In September 2025, a coordinated software supply-chain attack targeted multiple popular NPM packages in the JavaScript ecosystem. The attack

projectptixiakis.github.io·1mo ago

176 malicious npm packages used dependency confusion to target internal dependencies and steal credentials

Sonatype researchers uncovered a campaign involving 176 malicious npm packages using a dependency confusion attack strategy. Attackers publi

sonatype.com·1mo ago

Major NPM Supply Chain Attack: Over 1,000 Packages Infected via Fake Bun Runtime

A major cybersecurity incident occurred where over 1,000 NPM packages and 27,000+ GitHub repositories were infected within hours via a fake

helixguard.ai·7mo ago

NPM Package Author "qix" Compromised in Ongoing Supply Chain Phishing Attack

This article discusses the ongoing issue of phishing attacks targeting NPM package authors, specifically focusing on a compromised author na

github.com·10mo ago

Major NPM Supply Chain Attack: @ctrl/tinycolor and 40+ Packages Compromised with Self-Propagating Malware

A sophisticated supply chain attack has compromised the popular @ctrl/tinycolor NPM package (with over 2 million weekly downloads) along wit

stepsecurity.io·9mo ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.