The popular npm package ‘is’, which has about 2.8 million weekly downloads, has been taken over by threat actors in a sophisticated escalation of a phishing effort that was first disclosed last Friday. The attack began with emails spoofing npm’s support@npmjs.org address, directing developers to a typosquatted domain, npnjs.com a near-identical proxy of the legitimate […] The post NPM ‘is’ Package with 2.8M Weekly Downloads Exploited in Attack on Developers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/npm-is-package-with-2-8m-weekly-downloads-exploited/
