Packages
Blog
Malicious Rspack, Vant packages published using stolen NPM tokens
Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers. The supply chain attack, spotted by both Sonatype and Socket researchers, deployed the XMRig cryptocurrency miner on compromised systems for mining the hard-to-trace Monero privacy cryptocurrency. Additionally, Sonatype discovered that all three npm packages fell…
Blog
How to Make Sure Your Packages Don’t Get Stolen
Contact the Retailer. Retailers have different policies on handling package thefts. Some, such as Target, have fine-print clauses saying the risk of loss passes to the buyer when the purchase is delivered to the shipping company. Still, it doesn’t hurt to ask. According to our survey, this is the most common action that victims take, with 58 percent of Americans…