A sophisticated supply chain attack has compromised several widely-used npm packages, including eslint-config-prettier and eslint-plugin-prettier, after threat actors successfully stole maintainer authentication tokens through a targeted phishing campaign. The attack leveraged a typosquatted domain, npnjs.com, designed to mimic the legitimate npmjs.org site and harvest developer credentials through convincing phishing emails. The malicious campaign represents a […]
The post Threat Actors Hijack Popular npm Packages to Steal The Project Maintainers’ npm Tokens appeared first on Cyber Security News.
This article has been indexed from Cyber Security News