World's Largest Supply Chain Cyber Attack... And just 5 Cents Stolen?

You probably saw the headlines: the world’s largest npm supply chain attack, chalk and debug-js packages with BILLIONS of downloads compromised, followed by another attack compromising 187 npm packages—now up to 500+.

Sounds catastrophic, right? But a contrarian report came out claiming the entire fallout might have cost developers… about five cents. 🤡

So which is it? Is this the next big attack, or is it overhyped clickbait? Dive in👇

About the author

Ax Sharma

Ax Sharma is a UK-based security researcher, journalist and TV subject matter expert experienced in malware analysis and cybercrime investigations. His areas of interest include open source software security and threat intel analysis. Frequently featured by leading media outlets like the BBC, Channel 5, Fortune, WIRED, The Register, among others, Ax is an active community member of the OWASP Foundation and the British Association of Journalists (BAJ).

See author's posts