A supply chain attack targeted NPM, compromising 16 popular Gluestack 'react-native-aria' packages with over 950K weekly downloads.
The attack involved injecting malicious code with Remote Access Trojan (RAT) capabilities into files inside the published packages, affecting 16 of the 20 packages in the set.
Approximately 960,000 weekly downloads were affected by the compromised packages, and researchers believe the same threat actors were behind a previous attack on the 'rand-user-agent' package.
Aikido Security attempted to notify Gluestack about the ongoing supply chain attack but has not received a response yet, urging users to stay updated on the situation.