Researchers at JFrog traced a fresh npm supply chain attack to North Korea’s Lazarus group: six lookalike packages built to steal developer credentials and cloud keys.
Tag: npm supply chain attack
TL;DR: The Shai-Hulud npm attack represents the first successful self-replicating worm in the JavaScript ecosystem. This npm supply chain attack compromised over 180 packages between September 14-16, 2025. The malware …