20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

September 9, 2025

Multiple npm packages have been compromised as part of a software supply chain attack after a maintainer’s account was compromised in a phishing attack.

The attack targeted Josh Junon (aka Qix), who received an email message that mimicked npm (“support@npmjs[.]help”), urging them to update their update their two-factor authentication (2FA) credentials before September 10, 2025, by clicking on

SOURCE:

Share the Post:

Related News

Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks

Threat actors are abusing HTTP client tools like Axios in conjunction with Microsoft’s Direct Send feature to form a “highly

RatOn Android Malware Detected With NFC Relay and ATS Banking Fraud Capabilities

A new Android malware called RatOn evolved from a basic tool capable of conducting Near Field Communication (NFC) attacks to

[Webinar] Shadow AI Agents Multiply Fast — Learn How to Detect and Control Them

⚠️ One click is all it takes. An engineer spins up an “experimental” AI Agent to test a workflow. A

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

Related News

Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks

RatOn Android Malware Detected With NFC Relay and ATS Banking Fraud Capabilities

[Webinar] Shadow AI Agents Multiply Fast — Learn How to Detect and Control Them

Company

Services

Contact Us