NPM ‘is’ Package with 2.8M Weekly Downloads Exploited in Attack on Developers

The popular npm package ‘is’, which has about 2.8 million weekly downloads, has been taken over by threat actors in a sophisticated escalation of a phishing effort that was first disclosed last Friday. The attack began with emails spoofing npm’s [email protected] address, directing developers to a typosquatted domain, npnjs.com a near-identical proxy of the legitimate […]

The post NPM ‘is’ Package with 2.8M Weekly Downloads Exploited in Attack on Developers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

​The original article found on GBHackers Security | #1 Globally Trusted Cyber Security News Platform Read More