Cyber Security News

binding.gyp Supply Chain Attack Compromises Dozens of npm Packages Across Maintainer Accounts

📅 4 June 2026 at 21:09 UTC · 📰 Cyber Security News

A self-replicating worm has been quietly spreading across the npm registry using a method most security teams do not watch for. Instead of hiding inside package.json scripts, the attacker weaponized a tiny configuration file called binding.gyp to trigger malicious code the moment a developer runs npm install. The campaign hit dozens of packages across multiple […]

This is a curated summary. The complete article is available at Cyber Security News.
