New Supply Chain Attack Threatens Workstations and CI Environments via Malicious npm Package Scripts

26 May 2025

SupplyChainAttacknpmPackagesMaliciousScriptsWorkstationsCIEnvironmentsDataEspionage

A new type of supply chain attack threatens workstations and CI environments through malicious scripts embedded in npm packages. These scripts spy on internal data to prepare for further attacks. The article does not mention specific technical details or real impacts.

Read the original article on heise.de

New Supply Chain Attack Threatens Workstations and CI Environments via Malicious npm Package Scripts | Cyber Hub