黑客通过使用失窃的证书 破坏了18npm套件 影响了数十亿次下载 Hackers compromised 18 npm packages, affecting billions of downloads, by using stolen credentials.

黑客已经暴露了18个 npm 套件, 影响超过26亿每周下载, Hackers have compromised 18 npm packages, affecting over 2.6 billion weekly downloads, by exploiting a maintainer's phished credentials. 恶意软件劫持了加密货币交易 将资金转移到攻击者控制的钱包 The malware hijacks cryptocurrency transactions, redirecting funds to attacker-controlled wallets. 这标志着最大的供应链袭击之一,突出表明需要加强安全措施,如两要素认证。 This marks one of the largest supply-chain attacks, highlighting the need for enhanced security measures like two-factor authentication. 这一事件还强调了不断变化的威胁格局,即将大赦国际的工具和开放源码生态系统重新用于网络犯罪,并强调了严格审查和行业协作的重要性。 The incident also underscores the evolving threat landscape, where AI tools and open-source ecosystems are repurposed for cybercrime, emphasizing the importance of rigorous vetting and industry collaboration.