The popular npm package ‘is’, which has about 2.8 million weekly downloads, has been taken over by threat actors in a sophisticated escalation of a phishing effort that was first disclosed last Friday. The attack began with emails spoofing npm’s support@npmjs.org address, directing developers to a typosquatted domain, npnjs.com a near-identical proxy of the legitimate […]
The post NPM ‘is’ Package with 2.8M Weekly Downloads Exploited in Attack on Developers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
This article has been indexed from GBHackers Security | #1 Globally Trusted Cyber Security News Platform