Security News > 2024 > December > Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack

2024-12-20 08:39
The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the discovery, versions 1.1.7 of both libraries have been unpublished from the npm registry. The latest
News URL
https://thehackernews.com/2024/12/rspack-npm-packages-compromised-with.html
Related news
- ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (source)
- Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack (source)
- Ripple NPM supply chain attack hunts for private keys (source)
- Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers (source)
- Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack (source)
- Supply chain attack hits npm package with 45,000 weekly downloads (source)
- GitHub supply chain attack spills secrets from 23,000 projects (source)
- Supply chain attack on popular GitHub Action exposes CI/CD secrets (source)
- Microsoft: New RAT malware used for crypto theft, reconnaissance (source)
- Hackers target AI and crypto as software supply chain risks grow (source)