npm ‘is’ Package With 2.8M Weekly Downloads Weaponized to Attack Developers

The latest wave of npm-centric phishing has taken a darker turn with the hijack of the ubiquitous ‘is’ utility, a module pulled 2.8 million times every week. On 19 July 2025, attackers armed with stolen maintainer credentials slipped malicious versions 3.3.1 and 5.0.0 into the registry, seamlessly propagating the backdoor through ordinary dependency resolution. The […]

The post npm ‘is’ Package With 2.8M Weekly Downloads Weaponized to Attack Developers appeared first on Cyber Security News.
