Security researchers from ReversingLabs have uncovered a series of high-profile compromises targeting popular open-source packages, highlighting the growing risk of malicious code infiltration in widely-used software tools. The researchers discovered cryptomining malware had been injected into packages associated with rspack and vant. The compromises of these frequently downloaded tools were made possible using stolen npm tokens.
Why the industry can’t afford complacency in 2025
The rise in cyber threats, technology mishaps, and AI use in 2024 shows the cyber security industry must be more proactive in 2025. Infrastructure fragility