Security News > 2024 > December > Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack
2024-12-20 08:39
The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the discovery, versions 1.1.7 of both libraries have been unpublished from the npm registry. The latest
News URL
https://thehackernews.com/2024/12/rspack-npm-packages-compromised-with.html
Related news
- Blue Yonder ransomware attack disrupts grocery store supply chain (source)
- Crypto companies are losing ground to deepfake attacks (source)
- XML-RPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner (source)
- New DroidBot Android malware targets 77 banking, crypto apps (source)
- Crypto-stealing malware posing as a meeting app targets Web3 pros (source)
- Windows, macOS users targeted with crypto-and-info-stealing malware (source)
- OpenWrt orders router firmware updates after supply chain attack scare (source)
- Update your OpenWrt router! Security issue made supply chain attack possible (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- Ultralytics Supply-Chain Attack (source)