XMLRPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner
November 28, 2024 at 06:08AM

Researchers found a year-long software supply chain attack on the npm package registry involving the malicious package @0xengine/xmlrpc, which harvested sensitive data and mined cryptocurrency. Discovered by Checkmarx, it exploited trust in dependencies. Additionally, ongoing malicious campaigns using counterfeit packages target multiple platforms, including Roblox developers.