Hijacked npm Package Attempts to Deliver PolinRider-Linked RAT
Source: Sonatype
Published:
<p>Attackers do not need to wait for a CVE when they can publish directly into the build.</p> <p>That is what Sonatype observed in two compromised versions of @common-stack/generate-plugin (CVSS 8.7), an npm package with more than 1,100 weekly downloads. Sonatype identified and flagged the compr