Without altering a single line of code, attackers poisoned the NPM package “bignum” by hijacking the S3 bucket serving binaries necessary for its function and replacing them with malicious ones

It seems like attackers have discovered a way to leverage NPM packages to deliver malicious binaries without needing to make any changes to the NPM package itself.

  • Unicent
    3·
    1 year ago

    Interesting! I wonder how much of this is already happening that people just haven’t noticed yet.