Supply Chain Malware Hits npm & PyPI Libraries, Exposing Millions of Developers

Friday, 30 January

Thursday, 19 June, 2025

Supply Chain Malware Hits npm & PyPI Libraries, Exposing Millions of Developers

A new supply chain attack targeting popular npm and PyPI packages linked to GlueStack has infected approximately 1 million weekly downloads by injecting high-risk malware into 16 modules. The malicious code enables attackers to execute shell commands, exfiltrate files, take screenshots, and persists even after updates. Additionally, credential-stealing and file-wiping Python and Ruby packages pose further threats. Users are urged to revert to safe versions and audit dependencies urgently.

Read full story at The Hacker News

Tags:malware supply chain GlueStack

Download the TechShots App

IT Trends Move Fast. Stay Faster.

Android iOS

Categories

Supply Chain Malware Hits npm & PyPI Libraries, Exposing Millions of Developers

Also Read

Kaspersky Alerts Users to Sophisticated New Scam Targeting OpenAI Teamwork Tools

Nvidia, Microsoft, and Amazon Eye Massive $60 Billion Investment in OpenAI Expansion

Tesla Beats Revenue Estimates Despite Slower Vehicle Deliveries as Services Surge

SpaceX and xAI Explore Blockbuster Merger Ahead of Historic $1.5 Trillion IPO

Apple Achieves Record Revenue in India Driven by Explosive Growth

South Korean Police Summon Coupang’s Interim CEO Over Major Data Breach Probe

Fintech Firm Marquis Blames SonicWall Firewall Vulnerability for Massive Data Breach

Why Invisible IT is Becoming a Critical Strategic Priority for India’s Top CIOs

IndusInd Bank Appoints Ravi Kumar Pangal as New Chief Information Officer

Download the TechShots App

Subscribe To Our Newsletter.