Security News > 2025 > March > New npm attack poisons local packages with backdoors

New npm attack poisons local packages with backdoors

2025-03-26 12:00

Two malicious packages were discovered on npm (Node package manager) that covertly patch legitimate, locally installed packages to inject a persistent reverse shell backdoor. [...]

News URL

https://www.bleepingcomputer.com/news/security/new-npm-attack-poisons-local-packages-with-backdoors/

#attack #backdoor #NPM

Related news

North Korea targets crypto developers via NPM supply chain attack (source)
New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors (source)
Malicious npm Package Modifies Local 'ethers' Library to Launch Reverse Shell Attacks (source)
New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations (source)

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.