PANews reported on September 16th that Scam Sniffer detected another attack targeting the NPM supply chain. @ctrl/tinycolor (downloaded 2.2 million times weekly) released a malicious version that runs an information stealer during npm's postinstall script to scan for and steal sensitive data. This malicious payload abuses the legitimate sensitive information scanning tool TruffleHog. Please check if you have downloaded the affected version, suspend installation/updates, and pin to a known safe version.PANews reported on September 16th that Scam Sniffer detected another attack targeting the NPM supply chain. @ctrl/tinycolor (downloaded 2.2 million times weekly) released a malicious version that runs an information stealer during npm's postinstall script to scan for and steal sensitive data. This malicious payload abuses the legitimate sensitive information scanning tool TruffleHog. Please check if you have downloaded the affected version, suspend installation/updates, and pin to a known safe version.
Another attack on the NPM supply chain: @ctrl/tinycolor releases a malicious version
PANews reported on September 16th that Scam Sniffer detected another attack targeting the NPM supply chain. @ctrl/tinycolor (downloaded 2.2 million times weekly) released a malicious version that runs an information stealer during npm's postinstall script to scan for and steal sensitive data. This malicious payload abuses the legitimate sensitive information scanning tool TruffleHog. Please check if you have downloaded the affected version, suspend installation/updates, and pin to a known safe version.
Market Opportunity
PinLink Price(PIN)
$0.1109
$0.1109$0.1109
USD
PinLink (PIN) Live Price Chart
Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact [email protected] for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.
You May Also Like
What We Know So Far About Reported Tensions at Bitmain
The post What We Know So Far About Reported Tensions at Bitmain appeared on BitcoinEthereumNews.com. Posts on X (Twitter) suggest that Bitmain co-founder Micree
Share
BitcoinEthereumNews2025/12/22 05:07
Galaxy Digital’s head of research explains why bitcoin’s outlook is so uncertain in 2026
Markets
Share
Share this article
Copy linkX (Twitter)LinkedInFacebookEmail
Share
Coindesk2025/12/22 05:25
İşte Altcoinlerde Yeni Haftada Mutlaka Takip Edilmesi Gerekenler!
Kripto para analisti The DeFi Investor, yeni haftaya girilirken altcoin piyasasında öne çıkan gelişmeleri ve takip edeceği projeleri paylaştı. Analistin değerlendirmelerine
Share
Coinstats2025/12/22 04:42