A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT).
https://www.bleepingcomputer.com/news/security/supply-chain-attack-hits-gluestack-npm-packages-with-960k-weekly-downloads/
BleepingComputer /
npub1j7…v7hg2
2025-06-07 19:31:37
Author Public Key
npub1j7dz37jrwqhehe8ydzpk5kcjpnzzv53h7s54lj62nv5w9fcar34suv7hg2Published at
2025-06-07 19:31:37Event JSON
{
"id": "e7a6a36dfe2352bad497754c1edb5d594109e3192a0db52ad4b96d757af35fa5",
"pubkey": "979a28fa43702f9be4e468836a5b120cc4265237f4295fcb4a9b28e2a71d1c6b",
"created_at": 1749324697,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/users/BleepingComputer/statuses/114643743373474401",
"activitypub"
],
[
"client",
"Mostr",
"31990:6be38f8c63df7dbf84db7ec4a6e6fbbd8d19dca3b980efad18585c46f04b26f9:mostr",
"wss://relay.mostr.pub"
]
],
"content": "A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT).\n\nhttps://www.bleepingcomputer.com/news/security/supply-chain-attack-hits-gluestack-npm-packages-with-960k-weekly-downloads/",
"sig": "da9656d0f8e218ffd2f884bea2af3b58f744b7cb8e1d22e0dc4df3ed207236cdf00725414546d202775d418f76d2bbcfa3da8a44d8b2709d09f368d0c57fd9af"
}