Skip to content
The Nexus
SECURITYApr 22 · 12:57 UTCBLEEPING COMPUTERBill Toulas

New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and self-spreading by publishing malicious packages from compromised accounts. The attack exploits the npm package distribution system to propagate and exfiltrate authentication tokens.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this