SECURITYTHE HACKER NEWS
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
A coordinated supply chain attack has compromised eight packages on Packagist, injecting malicious code that executes a Linux binary hosted on GitHub Releases. The attack targeted JavaScript projects by inserting malicious content into package.json, bypassing composer.json in Composer packages.
Mentioned
Related Signal
Adjacent reporting
- DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
- Hackers have compromised dozens of popular open source packages in an ongoing supply chain attack
- Why the Axios attack proves AI is mandatory for supply chain security
- New Shai-Hulud malware wave compromises 600 npm packages
- Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
- Axios NPM Package Compromised in Precision Attack