SUNDAY, JUNE 28, 2026 · GLOBAL TECH · SUMMARISED
Security · 1h ago

Two-Line Supply Chain Attack Targets npm via Rogue Registry

By Meridian48 News Desk · Summarised from DEV Community

A pull request to the etherscan-api npm package added a .npmrc file that redirected package resolution to an attacker-controlled HTTP server. The social engineering relied on a believable contributor profile and a plausible refactor description. Because the registry setting applies to every package resolved during install, the rogue registry could have served tampered copies of all of the project's dependencies, not just the new package.
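
A registry override in .npmrc is easy to miss in review but easy to check mechanically. The following is an added example (not from the DEV Community article or the etherscan-api project) of a pre-merge check that flags any `registry=` or `@scope:registry=` line that uses plaintext HTTP or points outside an allowlist; the allowlist and the sample .npmrc, including its placeholder host, are constructed for this example.

```python
"""Flag .npmrc lines that redirect package resolution away from trusted registries."""
from urllib.parse import urlparse

# Assumption for this example: only this registry is trusted for the project.
TRUSTED_REGISTRIES = {"registry.npmjs.org"}

# Constructed sample resembling a rogue .npmrc; the host is a placeholder.
SAMPLE_NPMRC = """\
# added by the "refactor" PR
registry=http://registry.example.invalid/
@myorg:registry=https://registry.npmjs.org/
save-exact=true
"""


def find_registry_overrides(npmrc_text: str) -> list[tuple[int, str, str]]:
    """Return (line_no, key, url) for every registry= or @scope:registry= line."""
    hits = []
    for n, raw in enumerate(npmrc_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue  # npm treats these lines as comments
        key, sep, value = line.partition("=")
        key = key.strip()
        if sep and (key == "registry" or key.endswith(":registry")):
            hits.append((n, key, value.strip()))
    return hits


def suspicious_registries(npmrc_text: str) -> list[str]:
    """Describe each override that is plaintext HTTP or outside the allowlist."""
    findings = []
    for n, key, url in find_registry_overrides(npmrc_text):
        parsed = urlparse(url)
        if parsed.scheme != "https":
            findings.append(f"line {n}: {key} uses {parsed.scheme or 'no'} scheme, not https")
        if parsed.hostname not in TRUSTED_REGISTRIES:
            findings.append(f"line {n}: {key} points at untrusted host {parsed.hostname}")
    return findings


if __name__ == "__main__":
    # Run against the constructed sample; a CI job would read the PR's .npmrc instead.
    for finding in suspicious_registries(SAMPLE_NPMRC):
        print("WARNING", finding)
```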

Meridian48 take
The attack's simplicity—two lines in .npmrc—underscores how easily supply chain attacks can bypass human review, even in well-maintained projects.
Read the full reporting: A Rogue Registry in My Own Backyard: Anatomy of a Two-Line Supply Chain Attack (DEV Community)
Tags: supply-chain-attack, npm-security