Hacker hijacks Axios open-source project, used by millions, to push malware | TechCrunch

"A hacker pushed malicious versions of the widely used JavaScript library called Axios, which developers rely on to allow their software to connect to the internet. The affected library was hosted on npm, a software repository that stores code for open-source projects."
"Hackers are increasingly targeting developers of popular open-source projects in an effort to mass-hack anyone who relies on the compromised code, potentially granting the hackers access to vast numbers of affected devices."
"Security company Aikido, which also investigated the incident, said anyone who downloaded the code 'should assume their system is compromised.'"
A hacker modified the popular JavaScript library Axios to deliver malware, affecting millions of developers. The malicious versions were hosted on npm and downloaded extensively. The attack was detected and mitigated within three hours. Supply chain attacks are increasingly targeting open-source projects, allowing hackers to access numerous devices through compromised code. Security firms have advised anyone who downloaded the malicious version to assume their systems are compromised. The hacker gained access by compromising a primary developer's account, enabling the insertion of malicious code.