A sophisticated supply chain attack targeting developers emerged on Friday, July 18, 2025, when cybercriminals compromised several popular npm packages, including the widely used eslint-config-prettier package.
The attack, dubbed "Scavenger" by security researchers due to multiple references to "SCVNGR" strings in the malware variants,...
Developers are facing a sophisticated new threat as cybercriminals launch targeted phishing campaigns against npm package maintainers, using advanced typosquatting techniques to steal credentials and potentially compromise the software supply chain.
A recent incident has revealed the alarming sophistication of these attacks, which specifically...