CSO Online

Expired domain leads to supply chain attack on node-ipc npm package

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...
Bleeping Computer

Popular node-ipc npm package compromised to steal credentials

Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. The node-ipc ...
Cryptopolitan on MSN

Node-IPC supply chain attack targets crypto devs

Attackers hijacked a dormant npm maintainer account and pushed malicious node-ipc versions that steal crypto keys, AWS tokens ...