New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.
GitHub

CrossBase_net_sockets_CB_Net_Sockets.js.html

* @license Creative Commons Attribution 4.0 International. See more at {@link https://crossbrowdy.com/about#what_is_the_crossbrowdy_copyright_and_license}. if (typeof ...
SecurityWeek

North Korean Hackers Target High-Profile Node.js Maintainers

The threat actor behind the Axios supply chain attack has been aiming at other maintainers in its social engineering campaign. After inviting Saayman to a Slack workspace, the hackers scheduled a ...