Checkmarx Finds Threat Actor ‘Fully Automating’ NPM Supply Chain Attacks 

Threat hunters at Checkmarx on Monday raised an alarm after discovering a threat actor fully automating the creation and delivery of “hundreds of malicious packages” into the NPM ecosystem. The Checkmarx warning comes on the heels of Snyk’s discovery of “deliberate sabotage” of NPM package managers and raises new concerns about the software supply chain threat landscape.
