Feross (@feross) “Another day, another MASSIVE npm supply chain attack. If you haven't installed @” — TopicDigg
Feross
@feross
⚡️ Founder + CEO @SocketSecurity ( • 🌲 Visiting lecturer @Stanford ( • ❤️ Open source @WebTorrentApp + @StandardJS
加入 August 2008
1.6K 正在关注 40.5K 粉丝
Another day, another MASSIVE npm supply chain attack.
If you haven't installed @SocketSecurity yet (it's free!), you should have done this yesterday. The second best time to install it is today!
🚨 Socket detected malicious activity in newly published versions of node-ipc, an npm package with 822K weekly downloads.
Affected versions:
node-ipc@9.1.6
node-ipc@9.2.3
node-ipc@12.0.1
Socket’s AI scanner flagged the malware within ~3 minutes of publication.
Early analysis shows obfuscated stealer/backdoor behavior, including host fingerprinting, local file enumeration, payload wrapping, and attempted exfiltration.
显示更多
