18 Popular npm Packages Compromised in Attack

, By The New Stack
Tech

Share via:


Aikido Security detected a series of packages being pushed to npm that appeared to contain malicious code, according to a post by Charlie Eriksen, a security researcher with the firm.

These were 18 popular packages with more than 2 billion downloads per week, according to Eriksen.

“The packages were updated to contain a piece of code that would be executed on the client of a website, which silently intercepts crypto and web3 activity in the browser, manipulates wallet interactions, and rewrites payment destinations so that funds and…



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Previous News
DeepMind CEO Says AI Could Shorten Drug Discovery From Years to Months
Next News
Urban Company IPO Frenzy 2025: All You Need to Know
The New Stack

Popular

More Like this

Load more

18 Popular npm Packages Compromised in Attack

, Published By The New Stack
Tech


Aikido Security detected a series of packages being pushed to npm that appeared to contain malicious code, according to a post by Charlie Eriksen, a security researcher with the firm.

These were 18 popular packages with more than 2 billion downloads per week, according to Eriksen.

“The packages were updated to contain a piece of code that would be executed on the client of a website, which silently intercepts crypto and web3 activity in the browser, manipulates wallet interactions, and rewrites payment destinations so that funds and…



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

Previous News
DeepMind CEO Says AI Could Shorten Drug Discovery From Years to Months
Next News
Urban Company IPO Frenzy 2025: All You Need to Know
The New Stack

More like this

Zepto IPO: Quick commerce firm plans to raise Rs...

Tech The Economic Times -
Quick commerce platform Zepto will file its draft...

Ola Electric Bags INR 367 Cr PLI Incentive On...

Tech INC42 -
SUMMARY The incentives are expected to strengthen Ola’s liquidity...

Donald Knuth’s 2025 Christmas Lecture: The Knight’s Tours

Tech The New Stack -
“It’s that time of the year!” read the...
Load more

Popular

Block title

Startup Events

Trending News

About

Partnership

Contact us

© 2025 StartupNews.fyi | DOTFYI Media Ventures Private Limited. All Rights Reserved.