Security researchers say they have discovered the first attack on the open source software supply chain specifically targeting the banking sector. That's according to a report published by Checkmarx on July 21, 2023. On April 5 and 7, a threat actor used the NPM platform to upload some packages that contained a pre-installed script. When it was installed, the malicious code was executed, attempting to carry out a supply chain attack against banks. Details in the above report and in The Hacker News article.
Advertising
