Supply Chain Attack: NPM Library Used By Facebook And Others Was Compromised | Hackaday
A massive supply chain attack compromised 18 highly popular npm packages, which collectively received two billion weekly downloads, deploying sophisticated browser-based malware designed to steal.

On September 8, 2025, the JavaScript ecosystem faced a major supply chain attack targeting 18 widely used npm packages. These packages alone see over 2.6 billion downloads each week, making this one of the most significant npm attacks in recent memory. The incident highlights the growing risk of supply chain threats in cloud-native development environments and underscores why prevention first.
Discover how 18 npm packages were compromised in a major supply chain attack. Learn what happened, who's affected, and how to protect your software supply chain.

Yesterday, a critical supply chain attack impacting 18 widely used npm packages was disclosed. These packages collectively account for nearly 2 billion weekly downloads. What happened? The maintainer's account appears to have been compromised via a phishing campaign. Yesterday, an attacker uploaded malicious versions of the packages.

Multiple npm packages have been compromised as part of a software supply chain attack after a maintainer's account was compromised in a phishing attack.

The npm ecosystem is in the middle of a major supply chain compromise. The maintainer known as qix is currently targeted in a phishing campaign that allows attackers to bypass two-factor authentication and take over their npm account. This is happening right now, and malicious versions of widely used libraries are being published and distributed.
A Popular Npm Library Compromised In A Supply Chain Attack
Software packages with more than 2 billion weekly downloads hit in supply chain attack. Incident hitting npm users is likely the biggest supply chain attack ever.

The npm supply chain attack put billions of downloads at risk. Discover how it happened, what was compromised, and how to stay secure.

On September 8, 2025, a supply chain attack affected 18 popular npm packages including chalk, debug, and ansi-styles. The compromised packages contained malicious code designed to intercept cryptocurrency transactions in browsers.

A massive JavaScript hack has compromised 18 npm packages—including chalk and debug—used billions of times weekly. The supply chain attack injected crypto-stealing malware, marking one of the largest npm breaches ever.

NPM Breach - debug & chalk Compromised in Supply Chain Attack from developer qix