Alerts
Info | Attack | 2025-09-23

ATTACK: Widespread npm Ecosystem Compromise Targets Software Dependencies

CISA warned of a widespread compromise affecting the npm ecosystem and software dependencies used across many applications.

Supply Chain teams using JavaScript-based analytics and Decision Apps should verify package versions, rotate exposed credentials and monitor build environments.

More details are available in the CISA alert.

The Dataleo angle

Dependency risk becomes decision risk when compromised code enters tools that influence planning or execution.