"On September 24th, the crates.io team was notified by Kirill Boychenko from the Socket Threat Research Team of two malicious crates which were actively searching file contents for Ethereum private keys, Solana private keys, and arbitrary byte arrays for exfiltration."

https://blog.rust-lang.org/2025/09/24/crates.io-malicious-crates-fasterlog-and-asyncprintln/


Discussion

Fuck paper bitcoin summer, this is supply chain attack summer.

lol, indeed!

I am fixing 4 moderate severity vulnerabilities on vite js / plugin react. Is that connected with the post above?

Nope. The post above is about Rust crates, but there have been a huge number of similar attacks on npm packages recently too.

NPM

Packages are mostly installed from GitHub repos, and sometimes they show you, like, 4 moderate vulnerabilities until 3 severe vulnerabilities, for example … always be cautious and careful when downloading. Sometimes there are so many deprecated versions ⚠️