from vk6flab@lemmy.radio to cybersecurity@infosec.pub on 09 Sep 00:44
https://lemmy.radio/post/9284845
At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly focused on stealing cryptocurrency. But experts warn that a similar attack with a slightly more nefarious payload could quickly lead to a disruptive malware outbreak that is far more difficult to detect and restrain.
krebsonsecurity.com/…/18-popular-code-packages-ha…
The story includes perspectives from @GossiTheDog who has been following this saga all day today w/ updates here:
cyberplace.social/…/115169881407789957
Also comment and information from Josh Junon, who quickly replied that he was aware of having just been phished:
news.ycombinator.com/item?id=45169794
For an impact assessment, consider that 2 billion downloads per week translates to 24 million downloads in two hours.