A widely used JavaScript inter-process communication library has been weaponized again. Socket and Stepsecurity have confirmed that three newly published versions of node-ipc, a package with over 822,000 weekly downloads, contain obfuscated stealer and backdoor payloads, marking the second major supply chain compromise of this package since 2022. The affected versions are [email protected], [email protected], and […]
The post node-ipc npm Package with 822K Weekly Downloads Compromised in Supply Chain Attack appeared first on Cyber Security News.