A trusted npm package downloaded over 822,000 times weekly has been weaponized in a sophisticated supply chain attack, sending shockwaves through the JavaScript developer community. Security researchers at Socket discovered multiple malicious versions of the node-ipc library packed with credential-stealing malware and hidden backdoor functionality. The compromised versions [email protected], 9.2.3, and 12.0.1 were flagged within […]
The post 822K-Download node-ipc Package Compromised in Supply Chain Breach appeared first on Cyber Security News.