Acumen Cyber

Fake npm 2FA reset email led to compromise of popular code packages

September 9, 2025

Malicious versions of at least 18 widely used npm packages were uploaded to the npm Registry on Monday, following the compromise of their maintainer’s account. …

Resources

Download: Strengthening Identity Security whitepaper
Webinar: The BAS Summit 2025: Redefining Attack Simulation through AI
eBook: A quarter century of Active Directory

Don't miss

Malicious Rust packages targeted Web3 developers
Max-severity vulnerability in React, Node.js patched, update ASAP (CVE-2025-55182)
Smart grids are trying to modernize and attackers are treating it like an invitation
A day in the life of the internet tells a bigger story
AI vs. you: Who’s better at permission decisions?

Acumen Cyber

Fake npm 2FA reset email led to compromise of popular code packages

Featured news

Resources

Don't miss