Targeted npm dependency confusion attack caught red-handed
4y agoen
Source
SnykTargeted npm dependency confusion attack caught red-handedsnyk.ioOnce in a while we encounter a truly malicious package that has a purpose, means, and is production-ready — this is a story about one found in npm: gxm-reference-web-auth-server.
You might also wanna read
176 malicious npm packages used dependency confusion to target internal dependencies and steal credentials
Sonatype researchers uncovered a campaign involving 176 malicious npm packages using a dependency confusion attack strategy. Attackers publi
NPM supply chain attack compromises popular packages, posing widespread security risk
A significant supply chain attack on the NPM package ecosystem compromised several popular packages, potentially allowing malicious code to

September 2025 NPM supply-chain attack compromises popular JavaScript packages
In September 2025, a coordinated software supply-chain attack targeted multiple popular NPM packages in the JavaScript ecosystem. The attack
projectptixiakis.github.io·1mo ago
Compromised axios npm package delivers cross-platform RAT
Datadog·3mo ago
Multiple @redhat-cloud-services npm packages compromised in supply chain attack
Multiple npm packages under the @redhat-cloud-services scope have been compromised with malicious releases. The affected packages include @r
AI-Generated npm Package Leaks Its Own GitHub Token, Exposing Malware Operator
A malicious npm package named mouse5212-super-formatter, identified by OX Security, was caught leaking its own hardcoded GitHub token. This

Comments
Sign in to join the conversation.
No comments yet. Be the first.