Post Ay28EnETvJSZ3P4AbI by chesheer@mastodon.bsd.cafe
 (DIR) Post #Ay28EnETvJSZ3P4AbI by chesheer@mastodon.bsd.cafe
       2025-09-09T11:41:49Z
       
       0 likes, 1 repeats
       
       Another NPM supply chain attack, this time it affects packages with around 2 billion weekly downloads total. Looks like it tries to intercept and change crypto transactions. This is why I dislike "supply chain languages" like JavaScript, Go, Rust, Ruby. With them it's always "when", not "if". https://www.bleepingcomputer.com/news/security/hackers-hijack-npm-packages-with-2-billion-weekly-downloads-in-supply-chain-attack/
       
 (DIR) Post #Ay28Ew70uRpkaqdpi4 by chesheer@mastodon.bsd.cafe
       2025-09-09T11:44:14Z
       
       0 likes, 0 repeats
       
       And here's another sign of the times: the original article contains a link to the description of the attack someone posted on GitHub. And it is... an analysis of the malware that is made by ChatGPT. Oh dear.