Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were hacked due to stolen npm tokens, resulting in the release of malicious versions that installed cryptominers. This supply chain attack, identified by researchers from Sonatype and Socket, deployed the XMRig miner to secretly mine Monero cryptocurrency on affected systems. The compromised code hid in specific JavaScript ...
Cybersecurity experts are raising alarms about a recent supply chain attack on the popular @solana/web3.js npm library, which is widely used for developing Solana applications. Malicious versions 1.95.6 and 1.95.7 were found to contain harmful code designed to steal users’ private keys, risking the loss of cryptocurrency from their wallets. The compromised versions are no ...
Cybersecurity experts have identified a serious software supply chain attack affecting the popular @solana/web3.js npm library, which has over 400,000 weekly downloads. Malicious versions 1.95.6 and 1.95.7 were found to contain harmful code designed to steal users’ private keys and drain cryptocurrency wallets. The threat likely originated from a phishing incident that compromised maintenance accounts, ...
Cybersecurity researchers have revealed a year-long software supply chain attack on the npm package registry, initiated by the seemingly harmless library @0xengine/xmlrpc. This package, which originally functioned as a JavaScript XML-RPC server for Node.js, was compromised shortly after its launch to include malicious code capable of stealing sensitive information and mining cryptocurrency. The malicious features ...
