NPM supply chain attack compromises 17 popular React Native packages
A supply chain attack compromised 17 widely used GlueStack NPM packages under the @react-native-aria scope between June 6-7, 2025. The affected packages have over a million weekly downloads. The attackers used compromised automation (publishing) tokens that lacked two-factor authentication to publish versions carrying heavily obfuscated remote access trojan (RAT) malware.
**If you're using any GlueStack @react-native-aria packages, check your package.json files and update to the latest safe versions. Then scan your systems for signs of compromise and review firewall logs for any suspicious outbound connections to unknown command-and-control servers. If you are a code publisher, make sure all your NPM publishing tokens are secure and have MFA enforced.**
#cybersecurity #infosec #attack #activeattack
https://beyondmachines.net/event_details/npm-supply-chain-attack-compromises-17-popular-react-native-packages-d-0-p-1-w/gD2P6Ple2L
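As an added example (not part of the original post), the first step of the guidance above, finding every @react-native-aria package in a project's dependency tree, as a small Node.js check over a parsed package-lock.json. It handles both lockfileVersion 1 (nested "dependencies") and 2/3 (flat "packages" keyed by node_modules path); the sample lockfile, its package names and its version numbers are constructed for illustration and are not the compromised releases.

```javascript
// Added example: list every installed package in the @react-native-aria scope
// so each one can be checked against the vendor's safe versions and updated.
const AFFECTED_SCOPE = "@react-native-aria/";

// Returns [{ name, version, where }] for each match in a parsed lockfile.
function findAffectedPackages(lock) {
  const hits = [];
  // lockfileVersion 2/3: "packages": { "node_modules/@scope/name": { version } }
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue; // "" is the root project entry, not a dependency
    const name = path.slice(idx + "node_modules/".length);
    if (name.startsWith(AFFECTED_SCOPE)) {
      hits.push({ name, version: meta.version, where: path });
    }
  }
  // lockfileVersion 1: recursive "dependencies" tree (nested installs included)
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const where = `${prefix}node_modules/${name}`;
      if (name.startsWith(AFFECTED_SCOPE)) {
        hits.push({ name, version: meta.version, where });
      }
      walk(meta.dependencies, `${where}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (v3): one direct and one transitive
// @react-native-aria dependency plus unrelated packages. Versions are made up.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", version: "1.0.0" },
    "node_modules/react": { version: "18.3.1" },
    "node_modules/@react-native-aria/focus": { version: "0.0.0-sample" },
    "node_modules/@gluestack-ui/overlay": { version: "0.0.0-sample" },
    "node_modules/@gluestack-ui/overlay/node_modules/@react-native-aria/overlays":
      { version: "0.0.0-sample" },
  },
};

for (const hit of findAffectedPackages(SAMPLE_LOCK)) {
  console.log(`REVIEW ${hit.name}@${hit.version} at ${hit.where}`);
}
```

In a real project, replace SAMPLE_LOCK with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` and compare each reported version with the vendor's advisory before updating.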