2 matches found
[email protected] contains malware after npm account takeover
Impact On 8 September 2025, the npm publishing account for backslash was taken over after a phishing attack. Version 0.2.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own...
PT-2025-37749
Name of the Vulnerable Software and Affected Versions: is-arrayish versions prior to 0.3.4 Description: The is-arrayish package was compromised through a phishing attack on an npm publishing account. Version 0.3.3 was published with a malware payload designed to redirect cryptocurrency transactio...