Massive npm Package Supply Chain Attack: 2 Billion Weekly Downloads Compromised

2025-09-09

On September 8th, security researchers discovered a massive supply chain attack targeting 18 popular npm packages that together account for over 2 billion weekly downloads. The malware silently intercepts crypto and Web3 activity in browsers, manipulating wallet interactions and redirecting funds to attacker-controlled accounts. The attacker compromised the maintainer's account via phishing emails and then silently updated the packages. Some affected packages have been cleaned, but caution is still advised: follow secure npm package management practices.

Development

Supply Chain Attack Targets XRP Ledger SDK: Backdoor Steals Private Keys

2025-04-22

On April 21st, Aikido Intel detected five new versions of the official XRP Ledger SDK (the xrpl package) containing malicious code. Attackers inserted a backdoor into the official npm package to steal cryptocurrency private keys and gain access to cryptocurrency wallets. Because the package is widely used, the result was a potentially catastrophic supply chain attack. The malicious code sends private keys to a newly registered domain, 0x9c[.]xyz. The attackers iteratively refined their attack to obscure their actions, starting with modifications to the bundled JavaScript code and progressing to altering the TypeScript source before compilation. This attack highlights the vulnerability of software supply chains.

Tech