Hackers left empty-handed after massive NPM supply-chain attack
14 Articles
Massive NPM Supply Chain Attack Earned Attackers Only $600
A massive NPM supply chain attack that hit about 10% of all cloud environments yielded little for the hackers who engineered the compromise. That’s the conclusion of a pair of reports that looked at the compromise that hit popular NPM packages like ansi-styles, debug and chalk that are downloaded more than 2 billion times a week. Project maintainer Josh Junon – aka “qix” – said on GitHub that he was fooled by a “2FA reset email that looked shock…
Hackers Booked Very Little Profit with Widespread npm Supply Chain Attack
A sophisticated npm supply chain attack that surfaced in late August targeted thousands of downstream projects by injecting malicious payloads into popular JavaScript libraries. Initial reports pointed to a new variant of the notorious typosquatting technique, but further analysis revealed… (IT Security News)
Hackers Reap Minimal Gains From Massive Npm Supply Chain Breach - Cybernoz - Cybersecurity News
On September 8th, 2025, at approximately 9AM EST, the npm ecosystem faced an acute supply chain attack. A threat actor leveraged social engineering techniques to compromise the account of well-known npm developer Qix, subsequently publishing malicious releases for several widely-used packages, most notably debug, chalk, and dozens of related dependencies. Within two hours of the initial compromise, maintainers identified and acknowledged the bre…
Hackers Reap Minimal Gains from Massive npm Supply Chain Breach
On September 8th, 2025, at approximately 9AM EST, the npm ecosystem faced an acute supply chain attack. A threat actor leveraged social engineering techniques to compromise the account of well-known npm developer Qix, subsequently publishing malicious releases for several widely-used packages, most notably debug, chalk, and dozens of related dependencies. Within two hours of the […]
Coverage Details
Bias Distribution
- 100% of the sources are Center