The NPM ecosystem is under attack once again, with a sophisticated supply chain compromise targeting the widely-used @ctrl/tinycolor package and over 40 other JavaScript packages. This latest incident represents a significant escalation in supply chain threats, featuring self-propagating malware that automatically spreads across the ecosystem. Diagram showing how phishing emails with malicious URLs or HTML […]

The post Popular NPM Package ‘ctrl/tinycolor’ with 2M Weekly Downloads and 40+ Others Compromised in Supply Chain Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mayura Kathir

Source: gbHackers
Source Link: https://gbhackers.com/npm-package-2/