Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines
✦ NabkaNews BriefAuto-summarized from multiple outlets · verify with the source
A supply chain attack has compromised a top npm package, potentially affecting developer machines. The scope of the attack is unclear, with reports varying on the number of packages and repositories affected, ranging from a single popular package to hundreds of npm packages. The attack appears to be part of a larger campaign, with some outlets referencing a "Shai-Hulud" wave or a self-replicating worm, and others noting multiple attackers and techniques involved.
Full coverage
12345678