Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack

2024-12-20 08:39
The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish versions containing cryptocurrency mining malware to the official package registry. Following the discovery, version 1.1.7 of both libraries has been unpublished from the npm registry. The latest
News URL
https://thehackernews.com/2024/12/rspack-npm-packages-compromised-with.html
Related news
- Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack (source)
- Ripple NPM supply chain attack hunts for private keys (source)
- Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers (source)
- Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack (source)
- Supply chain attack hits npm package with 45,000 weekly downloads (source)
- RVTools hit in supply chain attack to deliver Bumblebee malware (source)
- SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack (source)
- North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages (source)
- That massive GitHub supply chain attack? It all started with a stolen SpotBugs token (source)
- New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner (source)