How One Phishing Email Compromised 18 npm Packages and Billions of Installs

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 popular JavaScript packages with over 2.6 billion weekly downloads. By tricking a maintainer into revealing credentials and 2FA codes, attackers injected crypto-stealing malware into widely used libraries. This blog unpacks how it happened, which packages were hit, and the critical lessons for developers. The post How One Phishing Email Compromised 18 npm Packages and Billions of Installs appeared first on Strobes Security.

First seen on securityboulevard.com

Jump to article: https://securityboulevard.com/2025/09/how-one-phishing-email-compromised-18-npm-packages-and-billions-of-installs/
