Security News > 2024 > December > Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack
2024-12-20 08:39
The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the discovery, versions 1.1.7 of both libraries have been unpublished from the npm registry. The latest
News URL
https://thehackernews.com/2024/12/rspack-npm-packages-compromised-with.html
Related news
- North Korea targets crypto developers via NPM supply chain attack (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
- Triplestrength hits victims with triple trouble: Ransomware, cloud hijacks, crypto-mining (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- It's only a matter of time before LLMs jump start supply-chain attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- New Web3 attack exploits transaction simulations to steal crypto (source)
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites (source)
- PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack (source)
- Supply chain attack hits Chrome extensions, could expose millions (source)