Login
institutional access

You are connecting from
Lake Geneva Public Library,
please login or register to take advantage of your institution's Ground News Plan.

Published loading...Updated

npm phishing attack laces popular packages with malware

GLOBAL, JUL 24 – The malware steals environment variables and offers remote access, affecting packages downloaded millions of times weekly, according to security researchers.

Summary by The Register
: The "is" package was infected with cross-platform malware after a scam targeting maintainers
Podcasts & Opinions

7 Articles

Tech RadarTech Radar
Center

Npm package with millions of downloads is at risk from malware hijacking

Hackers were deploying malware through a popular npm package for six hours.

·United Kingdom
Read Full Article
The RegisterThe Register
Center

npm phishing attack laces popular packages with malware

: The "is" package was infected with cross-platform malware after a scam targeting maintainers

Read Full Article
BleepingComputerBleepingComputer
Center

NPM package ‘is’ with 2.8M weekly downloads infected devs with malware

The popular NPM package 'is' has been compromised in a supply chain attack that injected backdoor malware, giving attackers full access to compromised devices.

Read Full Article
HeiseHeise

Popular Javascript Package Is: Malware by Supply Chain Attack

After a phishing attack on npm Maintainer, the package is, which comes to about 2.7 million weekly downloads, infected with a malware loader.

·Germany
Read Full Article
technewstube.comtechnewstube.com

Supply chain attack compromises NPM packages to spread backdoor malware

In a newly discovered supply chain attack, attackers last week targeted a range of NPM-hosted JavaScript type testing utilities, several of which were successfully compromised to distribute malware. Anyone automatically downloading these packages would have been exposed to a backdoor supply chain attack until cleaned versions were installed. In one example on July 19, attackers loaded the popular is NPM JavaScript type testing utility with malwa…

Read Full Article
World NEWS LiveWorld NEWS Live

Npm package with millions of downloads is at risk from malware hijacking - WorldNL Magazine

Open the article to view the coverage from World NEWS Live

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center

Factuality 

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

BleepingComputer broke the news in on Wednesday, July 23, 2025.
Sources are mostly out of (0)

Similar News Topics

Technology icon

Technology

Germany icon

Germany

You have read 1 out of your 5 free daily articles.

News
For You
SearchBlindspotLocal