Security News > 2025 > April > Ripple NPM supply chain attack hunts for private keys

Ripple NPM supply chain attack hunts for private keys

2025-04-23 18:28

A mystery thief and a critical CVE involved in crypto cash grab Many versions of the Ripple ledger (XRPL) official NPM package are compromised with malware injected to steal cryptocurrency.…

News URL

https://go.theregister.com/feed/www.theregister.com/2025/04/23/ripple_npm_supply_chain/

#attack #NPM #supplychain

Related news

Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack (source)
Supply chain attack hits npm package with 45,000 weekly downloads (source)
Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks (source)
Magento supply chain attack compromises hundreds of e-stores (source)
Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack (source)
RVTools hit in supply chain attack to deliver Bumblebee malware (source)
DragonForce ransomware abuses SimpleHelp in MSP supply chain attack (source)

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.