资讯

Securities.io3 小时

NPM Supply-Chain Attack: What Happened and How to Fix It

Qix is an open source maintainer account that was compromised by a phishing attack. This allowed attackers to infect 18 popular npm packages with malicious code. Together, these packages are ...

Malware Injected Into Code Packages That Get 2 Billion+ Downloads Each Week

An attack targeting the Node.js ecosystem was just identified — but not before it compromised 18 npm packages that account ...

Node.js 生态遭遇史上最大规模攻击,速查!

9 月 8 日,Node.js 生态链遭遇前所未有的冲击。资深 npm 维护者 Qix(Josh Junon) 因一封钓鱼邮件泄露了账户,攻击者趁机在多个热门包里植入了恶意代码。这次事件迅速引爆社区,成为开源史上下载量最大的供应链攻击之一。