Ataque masivo a la cadena de suministro de npm compromete cientos de paquetes

Hackers orchestrated what is likely the largest supply‑chain attack ever 2 billion weekly npm downloads, compromising nearly two dozen open‑source packages. The breach began with a phishing email that tricked maintainer "Qix" into revealing his two‑factor authentication credentials. Within an hour, malicious code was added to dozens of packages, enabling the theft of cryptocurrency by monitoring transactions and redirecting payments to attacker‑controlled wallets. Researchers say the targeted selection of foundational JavaScript libraries vastly expands the attack’s reach across the ecosystem. Leer más