Source link : https://tech365.info/hackers-slipped-a-trojan-into-the-code-library-behind-a-lot-of-the-web-your-workforce-might-be-affected/

Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a cross-platform remote access trojan. The malicious releases target macOS, Windows, and Linux. They were live on the npm registry for roughly three hours before removal.

Axios gets more than 100 million downloads per week. Wiz reports it sits in roughly 80% of cloud and code environments, touching everything from React front-ends to CI/CD pipelines to serverless functions. Huntress detected the first infections 89 seconds after the malicious package went live and confirmed at least 135 compromised systems among its customers during the exposure window.

This is the third major npm supply chain compromise in seven months. Every one exploited maintainer credentials. This time, the target had adopted every defense the security community recommended.

One credential, two branches, 39 minutes

The attacker took over the npm account of @jasonsaayman, a lead axios maintainer, changed the account email to an anonymous ProtonMail address, and published the poisoned packages through npm’s command-line interface. That bypassed the project’s GitHub Actions CI/CD pipeline entirely.

The attacker never touched the axios source code. Instead, both release branches received a single new dependency: plain-crypto-js@4.2.1. No…
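A defender-side check for the dependency named above, as an added example that is not part of the original article: it scans a parsed package-lock.json, in either the v1 or the v2/v3 layout, for plain-crypto-js@4.2.1. The function names and the sample lockfile are constructed for illustration, and the axios version in the sample is a placeholder.

```javascript
// Indicator taken from the article: the dependency added to the poisoned releases.
const IOC = { name: "plain-crypto-js", version: "4.2.1" };

// Lockfile v2/v3 keys are install paths; the package name follows the last
// "node_modules/" segment, e.g. "node_modules/a/node_modules/@s/b" -> "@s/b".
function nameFromPath(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? null : key.slice(i + marker.length);
}

// Lockfile v1 nests "dependencies" recursively; record the chain that led to a hit.
function walkV1(deps, trail, hits) {
  for (const [name, info] of Object.entries(deps || {})) {
    const here = trail.concat(name);
    if (name === IOC.name && info.version === IOC.version) hits.push(here.join(" > "));
    walkV1(info.dependencies, here, hits);
  }
}

// Returns every location in the lockfile where the flagged package is pinned.
function findFlagged(lock) {
  const hits = [];
  if (lock.packages) {
    // v2/v3: flat map keyed by install path (the root project has key "").
    for (const [key, info] of Object.entries(lock.packages)) {
      const name = info.name || nameFromPath(key);
      if (name === IOC.name && info.version === IOC.version) hits.push(key);
    }
  } else {
    walkV1(lock.dependencies, [], hits);
  }
  return hits;
}

// Constructed sample lockfile (v3 layout); versions other than the IOC are placeholders.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "0.0.0-placeholder" },
    "node_modules/plain-crypto-js": { version: "4.2.1" },
  },
};

console.log(findFlagged(sampleLock)); // locations to investigate, empty if clean
```

A hit means the lockfile resolved the flagged package; an empty result covers only that lockfile, not what is already present in `node_modules` or in build caches.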

—-

Author : tech365

Publish date : 2026-04-01 05:24:00

Copyright for syndicated content belongs to the linked Source.

—-
