Blog Home
npm Patching Breach -_Thumbnail

Still Trusting Automated Patches Blindly? Think Again
July 23, 2025

The Breach: A High-Impact Compromise JounQin’s npm account, the maintainer of popular packages such as eslint-config-prettier, was compromised in a phishing attack. The attackers used the breached credentials to publish six malicious versions of eslint-config-prettier, along with three additional infected packages tied to the same account. In total, the compromised packages see roughly 78 million …

Read More
dome over boxes to show security over software packages

N-Day Hijack: Analyzing the lifespan of package hijacking attacks
December 14, 2023

Software package hijacking has become a prominent concern for individuals, businesses, and the cybersecurity community at large. We’ve seen this new threat trend rise over the past couple of years, with the potential to severely impact the software supply chain by attackers exploiting software packages to execute malicious code. This blog post details a case …

Read More

Popular Tags