Rspack npm Packages Infiltrated by Malware


🦠 Rspack npm packages compromised in supply chain attack. Developers of Rspack reported that two of their npm packages, @rspack/core and @rspack/cli, were infiltrated by a malicious actor who published versions containing cryptocurrency mining malware. The compromised versions, 1.1.7, have been removed from the npm registry, and 1.1.8 is the latest safe release. The malware, which executes automatically upon installation, collects sensitive data and targets specific countries, including China and Russia. In response, Rspack maintainers invalidated npm and GitHub tokens, audited their code, and are investigating the token theft. This incident underscores the urgent need for enhanced security measures in package management systems to prevent similar attacks in the future.
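Because the malicious code runs at install time, the first thing to check is whether a project's lockfile pins either affected version. The following is an added example, not code from Rspack or from this newsletter: it scans a parsed npm lockfile for the two package versions named above. The function names, the sample lockfile and the `build-tool` package are constructed for illustration.

```javascript
// Added example. Only the package names and version 1.1.7 come from the
// article; SAMPLE_LOCK and "build-tool" are constructed.
const COMPROMISED = new Map([
  ["@rspack/core", new Set(["1.1.7"])],
  ["@rspack/cli", new Set(["1.1.7"])],
]);
const isCompromised = (name, version) => COMPROMISED.has(name) && COMPROMISED.get(name).has(version);

// "node_modules/a/node_modules/@rspack/core" -> "@rspack/core"
function nameFromPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

// Takes a parsed package-lock.json and returns every pinned bad version,
// including copies nested under other dependencies.
function findCompromised(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = entry.name || nameFromPath(path);
    if (name && isCompromised(name, entry.version)) {
      hits.push({ name, version: entry.version, where: path });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists).
  const walk = (deps, trail) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (isCompromised(name, entry.version)) {
        hits.push({ name, version: entry.version, where: here.join(" > ") });
      }
      walk(entry.dependencies, here);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "node_modules/@rspack/core": { version: "1.1.8" },
  "node_modules/build-tool/node_modules/@rspack/core": { version: "1.1.7" },
  "node_modules/@rspack/cli": { version: "1.1.7", dev: true },
} };
findCompromised(SAMPLE_LOCK).forEach((h) => console.log(`${h.name}@${h.version} at ${h.where}`));
```

To check a real project, pass `findCompromised` the parsed contents of its `package-lock.json`; a hit on a nested path means the bad version arrived through another dependency rather than a direct install.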
