On September 8, 2025, a massive npm supply chain attack compromised 18 foundational JavaScript packages, putting billions of applications at risk. This sophisticated incident began with a phishing campaign targeting a prominent package maintainer, Josh Junon, who was lured into providing his login and two-factor authentication (2FA) credentials on a fake npm website. Attackers then used this access to publish malicious updates containing […]
Read more »
