Supply Chain Malware Hits npm & PyPI Libraries, Exposing Millions of Developers

Monday, 9 June, 2025

Supply Chain Malware Hits npm & PyPI Libraries, Exposing Millions of Developers

A new supply chain attack targeting popular npm and PyPI packages linked to GlueStack has infected approximately 1 million weekly downloads by injecting high-risk malware into 16 modules. The malicious code enables attackers to execute shell commands, exfiltrate files, take screenshots, and persists even after updates. Additionally, credential-stealing and file-wiping Python and Ruby packages pose further threats. Users are urged to revert to safe versions and audit dependencies urgently.

Read full story at The Hacker News

Tags:malware supply chain GlueStack

Categories

Supply Chain Malware Hits npm & PyPI Libraries, Exposing Millions of Developers

Also Read

India Requires Starlink to Disclose Users of Seized Kits Under New Satcom Permit

Karnataka to Finalize New IT Policy by July, Aiming Beyond Bengaluru

Chinese Hackers and User Lapses Create ‘Mobile Security Crisis’ in US

Supply Chain Malware Hits npm & PyPI Libraries, Exposing Millions of Developers

Wipro Consumer Care Ventures Leads $1M Round in Indian D2C Pet-Food Startup Goofy Tails

Manish Gupta Appointed as Dell Technologies India President and MD

Anysphere's Cursor Achieves $9.9B Valuation, Surpasses $500M in Annual Recurring Revenue

Over 284 Companies, Including Google, Microsoft, and Intel, Slash Jobs

Genpact Acquires XponentL Data to Strengthen AI and Data Strategy Capabilities

Subscribe To Our Newsletter.