BleepingComputer reports that nearly a dozen npm packages, including the widely used 'country-currency-map' package and other cryptocurrency-related packages, have been hijacked with malicious JavaScript code that facilitated the compromise of environment variables, including API and encryption keys, as well as cloud and database credentials.
Only country-currency-map, among nine other infostealer-laced packages, has been removed from npm, according to an analysis from Sonatype, which believed the previously spotless packages to have been targeted by threat actors using the same technique. "Given the concurrent timing of the attacks on multiple packages from distinct maintainers, the first scenario (maintainer accounts takeover) appears to be a more likely scenario as opposed to well-orchestrated phishing attacks," said Sonatype. Threat actors were also more likely to have exploited inadequate npm maintainer account security in conducting the attack, as evidenced by the absence of malware compromise among the impacted npm projects' respective GitHub repositories.
Threat actors have exploited 159 CVEs during the first three months of 2025, compared with 151 during the last quarter of 2024, with almost a third of vulnerabilities leveraged in attacks within a day of their disclosure, according to The Hacker News.
Attacks involving ransomware were discovered by NCC Group to have totaled 600 in March which is 32% lower than in February but 46% higher than the same month last year with the month-to-month decline believed by NCC Head of Threat Intelligence Matt Hull to be a "red herring" after the recent surge in intrusions, Infosecurity Magazine reports.
