Huge NPM Supply Chain Attack Goes Out With Whimper
from DarkReading 09 September indexed on 10 September 2025 20:01Threat actors phished Qix's NPM account, then used their access to publish poisoned versions of 18 popular open source packages accounting for more than 2 billion weekly downloads.
Read more.
