Node Package Manager Supply Chain Attack


On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer.

With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has disrupted several key NPM packages, including those integral to application development and cryptography. According to StepSecurity, the malicious actors behind this incident used techniques similar to those seen in the Nx supply chain attack last month. As of September 16, researchers at Socket had already identified close to 500 impacted NPM packages.

Source: Trend Micro

