Supply Chain Malware Hits npm & PyPI Libraries, Exposing Millions of Developers

Sunday, 20 July

Thursday, 19 June, 2025

Supply Chain Malware Hits npm & PyPI Libraries, Exposing Millions of Developers

A new supply chain attack targeting popular npm and PyPI packages linked to GlueStack has infected approximately 1 million weekly downloads by injecting high-risk malware into 16 modules. The malicious code enables attackers to execute shell commands, exfiltrate files, take screenshots, and persists even after updates. Additionally, credential-stealing and file-wiping Python and Ruby packages pose further threats. Users are urged to revert to safe versions and audit dependencies urgently.

Read full story at The Hacker News

Tags:malware supply chain GlueStack

Categories

Supply Chain Malware Hits npm & PyPI Libraries, Exposing Millions of Developers

Also Read

OpenAI Partners with Google Cloud to Scale AI Compute Capacity

IBM Launches Agentic AI Innovation Center in Bengaluru to Power Enterprise AI Agents

Trump Signs GENIUS Act, Creating First U.S. Stablecoin Framework

Perplexity AI Eyes Mobile Dominance by Pre-Installing Comet AI Browser with OEMs

Reliance Launches Ajio Rush for 4‑Hour Fashion Delivery Amid Quick Commerce Boom

Microsoft to Sign EU AI Code of Practice as Meta Opts Out, Splitting Big Tech

IIT Students Tape Out 8 Chipsets, Sent to Fabs Under India Semiconductor Push

xAI’s Grok Teased with Meme Generator Feature—“Something Very Cool Is Brewing”

Microsoft to Embrace EU AI Code of Practice, While Meta Opts Out Over Legal Concerns

Subscribe To Our Newsletter.