Malicious npm Package Exploiting Developers in Supply Chain Attack

Cybersecurity researchers have uncovered a prolonged supply chain attack leveraging a malicious npm package, @0xengine/xmlrpc, which has been active for over a year. Initially introduced as a legitimate XML-RPC implementation for Node.js in October 2023, the package underwent a malicious transformation starting with version 1.3.4, published just days after its initial release. By November 2024, …