Prettier-ESLint npm packages hijacked in a sophisticated supply chain attack

Threat Level

70% CSO Online 9 hours ago Part of cluster #1270

Popular configuration packages for integrating Prettier with ESLint, the widely used code formatting tools within JavaScript and TypeScript projects, were hijacked after a maintainer fell victim to a phishing scheme. According to a Socket observation, packages like eslint-config-prettier and eslint-plugin-prettier were compromised hours after the open-source supply chain security firm reported an npm phishing campaign using the typosquatted npnjs.com domain . “The attacker published malicious ve...

Continue Reading on Original Site

Threat Intelligence

Ransomware 1

core

Malware 1

DYEPACK

Attack Types 2

Phishing Supply Chain Attack

Vulnerabilities 1

RCE

MITRE ATT&CK 2

Phishing Supply Chain Compromise

Business Intelligence

Companies 1

GitHub

Platforms 1

Windows

Technical Indicators

Domains

npnjs.com

Information

Article ID: #4244
Published: 9 hours ago
Source: CSO Online

Prettier-ESLint npm packages hijacked in a sophisticated supply chain attack

Recommended Articles

Microsoft Says Chinese APTs Exploited ToolShell Zero-Days Weeks Before Patch

Apple alerted Iranians to iPhone spyware attacks, say researchers

Google, Microsoft say Chinese hackers are exploiting SharePoint zero-day

Cloud Logging for Security and Beyond

Contract lapse leaves critical infrastructure cybersecurity sensor data unanalyzed at national lab

Recommended Articles

Microsoft Says Chinese APTs Exploited ToolShell Zero-Days Weeks Before Patch

Apple alerted Iranians to iPhone spyware attacks, say researchers

Google, Microsoft say Chinese hackers are exploiting SharePoint zero-day

Cloud Logging for Security and Beyond

Contract lapse leaves critical infrastructure cybersecurity sensor data unanalyzed at national lab

Save to Folder

We use cookies

Cookie Settings

Essential Cookies

Analytics Cookies

Performance Cookies

Marketing Cookies