Tuesday, 17 March 2026

Supply Chain Malware Hits npm & PyPI Libraries, Exposing Millions of Developers

By Isha
A new supply chain attack targeting popular npm and PyPI packages linked to GlueStack has injected high-risk malware into 16 modules that together account for approximately 1 million weekly downloads. The malicious code lets attackers execute shell commands, exfiltrate files, and take screenshots, and it persists even after the packages are updated. Additionally, credential-stealing and file-wiping Python and Ruby packages pose further threats. Users are urged to revert to known-safe versions and audit their dependencies urgently.
