Cybersecurity researchers have alerted to a supply chain attack that has targeted popular npm packages via a phishing campaign designed to steal the project maintainers' npm tokens.
The captured tokens were then used to publish malicious versions of the packages directly to the registry without any source code commits or pull requests on their respective GitHub repositories.
The list of affected packages and their rogue versions,accordingto Socket, is listed below -
eslint-config-prettier (versi...
Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Global Organizations
The Hacker News
4 hours ago
A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an "active, large-scale" exploitation campaign. The zero-day flaw, tracked asCVE-2025-53770(CVSS score: ...
