NPM Package '.is' Suffers Supply Chain Attack, Compromising 2.2 Million Weekly Downloads; Developer Credentials Hacked via Phishing Emails - Chip

7 x 24 Track global technological trends

Hot Topic

Day

News Topic

NPM Package '.is' Suffers Supply Chain Attack, Compromising 2.2 Million Weekly Downloads; Developer Credentials Hacked via Phishing Emails

2 week ago / Read about 0 minute

Author：小编

The popular lightweight JavaScript utility library, boasting over 2.2 million weekly downloads on the NPM platform, encountered a significant security breach on July 19, 2025. The developer behind this project became a victim of a phishing attack, leading to the compromise of their account credentials. Leveraging this vulnerability, hackers released a malicious version embedded with a backdoor, designed to execute code remotely. This incident underscores a critical security risk for developers who rely on this library.

Previous page：GIC Boosts Americas Asset Allocation to 49%

Next page：Surging Demand for AI Chip Repairs in China: Vendo...

Return to List

Hot Reading

2 day ago

Security flaws in a carmaker’s web portal let one hacker remotely unlock cars from anywhere

1 day ago

Grok Is So Deeply Antisemitic That Showing It a Picture of Some Random Clouds in the Sky Prompts an Outrageously Offensive Answer

1 day ago

LLMs’ “simulated reasoning” abilities are a “brittle mirage,” researchers find

1 day ago

All the pains of Intel: from CPU design and process technologies to internal clashes and political pressure