National Cyber Warfare Foundation (NCWF)

How One Phishing Email Compromised 18 npm Packages and Billions of Installs


2025-09-09 14:15:45
milo
Blue Team (CND)

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 popular JavaScript packages with over 2.6 billion weekly downloads. By tricking a maintainer into revealing credentials and 2FA codes, attackers injected crypto-stealing malware into widely used libraries. This blog unpacks how it happened, which packages were hit, and the critical lessons for developers.


The post How One Phishing Email Compromised 18 npm Packages and Billions of Installs appeared first on Strobes Security.


The post How One Phishing Email Compromised 18 npm Packages and Billions of Installs appeared first on Security Boulevard.



Shubham Jha

Source: Security Boulevard
Source Link: https://securityboulevard.com/2025/09/how-one-phishing-email-compromised-18-npm-packages-and-billions-of-installs/?utm_source=rss&utm_medium=rss&utm_campaign=how-one-phishing-email-compromised-18-npm-packages-and-billions-of-installs





Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.