%term

npm Supply Chain Attack: What Happened and How to Protect Your Software

Sep 11, 2025 By SignMyCode In SignMyCode

On September 8, 2025, a large-scale npm supply chain attack quickly compromised 18 popular packages (with the 18 packages representing more than 2.6 billion weekly downloads within the bioinformatics ecosystem). Attackers hijacked a maintainer’s account by impersonating npm support in a phishing campaign to upload backdoored versions of popular packages like chalk, debug, ansi-styles, and supports-color.

Read Post

SignMyCode

Read more about npm Supply Chain Attack: What Happened and How to Protect Your Software

Salesloft Drift Supply Chain Attack Affects Hundreds of Businesses

Sep 11, 2025 By Karl Sigler In LevelBlue

LevelBlue’s Security & Compliance Team is aware of the Salesloft vulnerability affecting Drift chatbot integrations. LevelBlue, and its affiliated entities, do not utilize Drift, and Salesforce has confirmed the incident did not impact clients without this integration. Based on current information, we confirm there has been no exposure or impact to us or our clients. Should new information arise that alters this assessment, we will provide an update directly.

Read Post

LevelBlue

Read more about Salesloft Drift Supply Chain Attack Affects Hundreds of Businesses

Advanced Domain Protection and Threat Takedown Solutions for Cybersecurity

Sep 11, 2025 By SecuritySenses In SecuritySenses

The digital landscape has become increasingly hostile, with cybercriminals exploiting domain vulnerabilities to launch sophisticated attacks against organizations worldwide. As businesses expand their online presence, the need for robust domain protection and effective domain takedown mechanisms has never been more critical. Modern enterprises face an evolving threat landscape where malicious actors register deceptive domains to steal credentials, distribute malware, and damage brand reputation through sophisticated phishing campaigns.

Read Post

SecuritySenses

Read more about Advanced Domain Protection and Threat Takedown Solutions for Cybersecurity

Not All Cyberattacks Begin with a Phishing Attack, Hack or Exploited Vulnerability

Sep 10, 2025 By Trustwave In Trustwave

In a day and age when cyber threats are top of mind, it may be difficult for an organization to shift gears and take its physical security precautions into consideration. This is to protect not only a firm’s physical assets but direct access to networks and information that an attacker could use at a later date for a cyberattack.

Read Post

Trustwave

Read more about Not All Cyberattacks Begin with a Phishing Attack, Hack or Exploited Vulnerability

Unpacking the Recent npm Supply Chain Attack: What We Know So Far

Sep 10, 2025 By Foresiet In Foresiet

The software supply chain has once again come under fire, with npm — the world’s largest package ecosystem — at the center of one of the most significant compromises to date. Recent findings suggest that attackers successfully hijacked a maintainer account through phishing, injecting malicious code into popular open-source packages with billions of weekly downloads.

Read Post

Foresiet

Read more about Unpacking the Recent npm Supply Chain Attack: What We Know So Far

The Great NPM Heist - September 2025

Sep 10, 2025 By Adi Bleih In Cyberint

On September 8, 2025, the JavaScript ecosystem experienced what is now considered the largest supply chain attack in npm history. A sophisticated phishing campaign led to the compromise of a trusted maintainer’s account, resulting in the injection of cryptocurrency-stealing malware into 18+ foundational npm packages. These packages collectively accounted for over 2 billion weekly downloads, affecting millions of applications globally—from personal projects to enterprise-grade systems.

Read Post

Cyberint

Read more about The Great NPM Heist - September 2025

Link11 Reports 225% more DDoS attacks in H1 2025 with new tactics against infrastructure

Sep 9, 2025 By Link11

The threat landscape surrounding distributed denial-of-service (DDoS) attacks intensified significantly in the first half of 2025, according to the latest Link11 European Cyber Report. Documented attacks targeting the Link11 network increased by 225% compared to the same period in 2024. The report highlights not only a marked rise in attack frequency but also a substantial escalation in their duration, intensity, and technical sophistication.

Read Post

Read more about Link11 Reports 225% more DDoS attacks in H1 2025 with new tactics against infrastructure

Largest npm Attack in History - Updated

Sep 9, 2025 By Andrey Polkovnichenko In JFrog

(Nov 26, 2025) JFrog continues to track, provide research and document a second wave of the Shai-Hulud Software Supply Chain Attack. Following the initial campaign, threat actors have returned with more advanced tactics, compromising an additional 621 new malicious packages across leading public registries.

Read Post

JFrog

Read more about Largest npm Attack in History - Updated

duckdb npm packages compromised

Sep 9, 2025 By Charlie Eriksen In Aikido

Over night, starting at 01:16 UTC on September 9th, we were alerted to more packages being compromised, these included: These packages all had a new version 1.3.3 released (In the case of the wasm version, it was version 1.29.2), which contained the same malicious code as we saw in the compromise of packages with 2 billion+ downloads.

Read Post

Aikido

Read more about duckdb npm packages compromised

What You Need To Know About the NPM Supply Chain Attack

Sep 9, 2025 By Aviram Shmueli In Jit

Aviram Shmueli is a distinguished cybersecurity and cloud computing expert with a background steeped in 8200 and the Israeli Ministry of Defense. He has over 20 years of hands-on and senior managerial experience in engineering and product management. Yesterday, a critical supply chain attack impacting 18 widely used npm packages was disclosed. These packages collectively account for nearly 2 billion weekly downloads.

Read Post