It seems like attackers have discovered a way to leverage NPM packages to deliver malicious binaries without needing to make any changes to the NPM package itself.

  • Unicent
    link
    fedilink
    arrow-up
    3
    ·
    2 years ago

    Interesting! I wonder how much of this is already happening that people just haven’t noticed yet.