{"id":7109,"date":"2025-10-16T08:50:05","date_gmt":"2025-10-16T06:50:05","guid":{"rendered":"https:\/\/www.tec4net.com\/web\/?p=7109"},"modified":"2025-11-10T17:03:10","modified_gmt":"2025-11-10T16:03:10","slug":"31421","status":"publish","type":"post","link":"https:\/\/www.tec4net.com\/web\/2025\/10\/16\/31421\/","title":{"rendered":"Schadcode in \u00fcber 40 NPM-Paketen entdeckt \u2013 Millionen Downloads betroffen"},"content":{"rendered":"

Sicherheitsforscher von Socket warnen vor einem Supply-Chain-Angriff auf NPM-Pakete. \u00dcber 40 Pakete sind betroffen, darunter @ctrl\/tinycolor, das w\u00f6chentlich Millionen Mal heruntergeladen wird. Der Schadcode sammelt automatisch Anmeldedaten wie Tokens und Schl\u00fcssel, die anschlie\u00dfend weitergeleitet werden.<\/p>\n

Entwicklern wird empfohlen, die kompromittierten Versionen zu meiden und gereinigte Versionen zu verwenden. Zudem sollten gespeicherte Zugangsdaten auf betroffenen Systemen schnell ersetzt werden. Der Angriff k\u00f6nnte eine Folgeattacke auf fr\u00fchere Sicherheitsl\u00fccken im JavaScript-\u00d6kosystem sein.<\/p>\n

Quelle:
\nhttps:\/\/www.golem.de\/news\/millionen-von-downloads-schadcode-in-ueber-40-npm-pakete-eingeschleust-2509-200119.html<\/a><\/p>\n

 <\/p>\n

 <\/p>\n

Wir sind Experten f\u00fcr Datenschutz und IT-Sicherheit<\/strong><\/p>\n

Profitieren Sie von unserer umfassenden Beratung zu den Themen Datenschutz und IT-Sicherheit. Unser erfahrenes Team unterst\u00fctzt Sie dabei, Ihre Website und digitalen Dienste datenschutzkonform zu gestalten um die gesetzlichen Vorgaben zu erf\u00fcllen.<\/p>\n

Kontaktieren Sie uns noch heute und sichern Sie sich praxisnahe Beratung zur Umsetzung der DSGVO und Normen wie ISO 27001, PCI-DSS oder TISAX.<\/p>\n

Datenschutz und IT-Sicherheit praktikabel umsetzen – tec4net GmbH<\/strong><\/p>\n

\n

www.tec4net.com<\/a> \u2013 www.it-news-blog.com<\/a> \u2013 www.it-sachverstand.info<\/a> \u2013 www.datenschutz-muenchen.com<\/a> \u2013 www.it-sicherheit-muenchen.com<\/a><\/p>\n

 <\/p>\n

Alle unsere NEWS -> http:\/\/news.tec4net.com<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

Sicherheitsforscher von Socket warnen vor einem Supply-Chain-Angriff auf NPM-Pakete. \u00dcber 40 Pakete sind betroffen, darunter @ctrl\/tinycolor, das w\u00f6chentlich Millionen Mal heruntergeladen wird. Der Schadcode sammelt automatisch Anmeldedaten wie Tokens und Schl\u00fcssel, die anschlie\u00dfend weitergeleitet werden. Entwicklern wird empfohlen, die kompromittierten Versionen zu meiden und gereinigte Versionen zu verwenden. Zudem sollten […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[5528,5526,5527,5523,5529,5525,5524],"yoast_head":"\nSchadcode in \u00fcber 40 NPM-Paketen entdeckt \u2013 Millionen Downloads betroffen - tec4net<\/title>\n<meta name=\"description\" content=\"Unsere IT-Experten beraten Sie im Bereich Consulting, IT-Security und Datenschutz in M\u00fcnchen | tec4net GmbH - seit 2003\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.tec4net.com\/web\/2025\/10\/16\/31421\/\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Schadcode in \u00fcber 40 NPM-Paketen entdeckt \u2013 Millionen Downloads betroffen - tec4net\" \/>\n<meta property=\"og:description\" content=\"Unsere IT-Experten beraten Sie im Bereich Consulting, IT-Security und Datenschutz in M\u00fcnchen | tec4net GmbH - seit 2003\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.tec4net.com\/web\/2025\/10\/16\/31421\/\" \/>\n<meta property=\"og:site_name\" content=\"tec4net\" \/>\n<meta property=\"article:published_time\" content=\"2025-10-16T06:50:05+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-10T16:03:10+00:00\" \/>\n<meta name=\"author\" content=\"Matthias Walter\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Verfasst von\" \/>\n\t<meta name=\"twitter:data1\" content=\"Matthias Walter\" \/>\n\t<meta name=\"twitter:label2\" content=\"Gesch\u00e4tzte Lesezeit\" \/>\n\t<meta name=\"twitter:data2\" content=\"1\u00a0Minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.tec4net.com\/web\/2025\/10\/16\/31421\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.tec4net.com\/web\/2025\/10\/16\/31421\/\"},\"author\":{\"name\":\"Matthias Walter\",\"@id\":\"https:\/\/www.tec4net.com\/web\/#\/schema\/person\/eb2c0c81b5ce5b0320d91188184d409b\"},\"headline\":\"Schadcode in \u00fcber 40 NPM-Paketen entdeckt \u2013 Millionen Downloads betroffen\",\"datePublished\":\"2025-10-16T06:50:05+00:00\",\"dateModified\":\"2025-11-10T16:03:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.tec4net.com\/web\/2025\/10\/16\/31421\/\"},\"wordCount\":196,\"publisher\":{\"@id\":\"https:\/\/www.tec4net.com\/web\/#organization\"},\"keywords\":[\"Beratung zu Sicherheitsnormen IT\",\"Datenschutz bei Softwarepaketen\",\"EDV-Gutachten zu Sicherheitsl\u00fccken\",\"Malware in NPM-Paketen erkennen\",\"NPM-Pakete sichere Nutzung\",\"Schadcode-Analyse f\u00fcr Entwickler\",\"Supply-Chain-Angriffe IT-Sicherheit\"],\"inLanguage\":\"de\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.tec4net.com\/web\/2025\/10\/16\/31421\/\",\"url\":\"https:\/\/www.tec4net.com\/web\/2025\/10\/16\/31421\/\",\"name\":\"Schadcode in \u00fcber 40 NPM-Paketen entdeckt \u2013 Millionen Downloads betroffen - tec4net\",\"isPartOf\":{\"@id\":\"https:\/\/www.tec4net.com\/web\/#website\"},\"datePublished\":\"2025-10-16T06:50:05+00:00\",\"dateModified\":\"2025-11-10T16:03:10+00:00\",\"description\":\"Unsere IT-Experten beraten Sie im Bereich Consulting, IT-Security und Datenschutz in M\u00fcnchen | tec4net GmbH - seit 2003\",\"breadcrumb\":{\"@id\":\"https:\/\/www.tec4net.com\/web\/2025\/10\/16\/31421\/#breadcrumb\"},\"inLanguage\":\"de\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.tec4net.com\/web\/2025\/10\/16\/31421\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.tec4net.com\/web\/2025\/10\/16\/31421\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\/\/www.tec4net.com\/web\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Schadcode in \u00fcber 40 NPM-Paketen entdeckt \u2013 Millionen Downloads betroffen\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.tec4net.com\/web\/#website\",\"url\":\"https:\/\/www.tec4net.com\/web\/\",\"name\":\"tec4net\",\"description\":\"Ihr starker IT-Partner\",\"publisher\":{\"@id\":\"https:\/\/www.tec4net.com\/web\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.tec4net.com\/web\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"de\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.tec4net.com\/web\/#organization\",\"name\":\"tec4net\",\"url\":\"https:\/\/www.tec4net.com\/web\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\/\/www.tec4net.com\/web\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.tec4net.com\/web\/wp-content\/uploads\/2018\/12\/t4n_Logo_startseite.png\",\"contentUrl\":\"https:\/\/www.tec4net.com\/web\/wp-content\/uploads\/2018\/12\/t4n_Logo_startseite.png\",\"width\":178,\"height\":163,\"caption\":\"tec4net\"},\"image\":{\"@id\":\"https:\/\/www.tec4net.com\/web\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.tec4net.com\/web\/#\/schema\/person\/eb2c0c81b5ce5b0320d91188184d409b\",\"name\":\"Matthias Walter\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\/\/www.tec4net.com\/web\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c8945f23c3708dc375c12592ec9c9a7e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c8945f23c3708dc375c12592ec9c9a7e?s=96&d=mm&r=g\",\"caption\":\"Matthias Walter\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Schadcode in \u00fcber 40 NPM-Paketen entdeckt \u2013 Millionen Downloads betroffen - tec4net","description":"Unsere IT-Experten beraten Sie im Bereich Consulting, IT-Security und Datenschutz in M\u00fcnchen | tec4net GmbH - seit 2003","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.tec4net.com\/web\/2025\/10\/16\/31421\/","og_locale":"de_DE","og_type":"article","og_title":"Schadcode in \u00fcber 40 NPM-Paketen entdeckt \u2013 Millionen Downloads betroffen - tec4net","og_description":"Unsere IT-Experten beraten Sie im Bereich Consulting, IT-Security und Datenschutz in M\u00fcnchen | tec4net GmbH - seit 2003","og_url":"https:\/\/www.tec4net.com\/web\/2025\/10\/16\/31421\/","og_site_name":"tec4net","article_published_time":"2025-10-16T06:50:05+00:00","article_modified_time":"2025-11-10T16:03:10+00:00","author":"Matthias Walter","twitter_card":"summary_large_image","twitter_misc":{"Verfasst von":"Matthias Walter","Gesch\u00e4tzte Lesezeit":"1\u00a0Minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.tec4net.com\/web\/2025\/10\/16\/31421\/#article","isPartOf":{"@id":"https:\/\/www.tec4net.com\/web\/2025\/10\/16\/31421\/"},"author":{"name":"Matthias Walter","@id":"https:\/\/www.tec4net.com\/web\/#\/schema\/person\/eb2c0c81b5ce5b0320d91188184d409b"},"headline":"Schadcode in \u00fcber 40 NPM-Paketen entdeckt \u2013 Millionen Downloads betroffen","datePublished":"2025-10-16T06:50:05+00:00","dateModified":"2025-11-10T16:03:10+00:00","mainEntityOfPage":{"@id":"https:\/\/www.tec4net.com\/web\/2025\/10\/16\/31421\/"},"wordCount":196,"publisher":{"@id":"https:\/\/www.tec4net.com\/web\/#organization"},"keywords":["Beratung zu Sicherheitsnormen IT","Datenschutz bei Softwarepaketen","EDV-Gutachten zu Sicherheitsl\u00fccken","Malware in NPM-Paketen erkennen","NPM-Pakete sichere Nutzung","Schadcode-Analyse f\u00fcr Entwickler","Supply-Chain-Angriffe IT-Sicherheit"],"inLanguage":"de"},{"@type":"WebPage","@id":"https:\/\/www.tec4net.com\/web\/2025\/10\/16\/31421\/","url":"https:\/\/www.tec4net.com\/web\/2025\/10\/16\/31421\/","name":"Schadcode in \u00fcber 40 NPM-Paketen entdeckt \u2013 Millionen Downloads betroffen - tec4net","isPartOf":{"@id":"https:\/\/www.tec4net.com\/web\/#website"},"datePublished":"2025-10-16T06:50:05+00:00","dateModified":"2025-11-10T16:03:10+00:00","description":"Unsere IT-Experten beraten Sie im Bereich Consulting, IT-Security und Datenschutz in M\u00fcnchen | tec4net GmbH - seit 2003","breadcrumb":{"@id":"https:\/\/www.tec4net.com\/web\/2025\/10\/16\/31421\/#breadcrumb"},"inLanguage":"de","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.tec4net.com\/web\/2025\/10\/16\/31421\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.tec4net.com\/web\/2025\/10\/16\/31421\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/www.tec4net.com\/web\/"},{"@type":"ListItem","position":2,"name":"Schadcode in \u00fcber 40 NPM-Paketen entdeckt \u2013 Millionen Downloads betroffen"}]},{"@type":"WebSite","@id":"https:\/\/www.tec4net.com\/web\/#website","url":"https:\/\/www.tec4net.com\/web\/","name":"tec4net","description":"Ihr starker IT-Partner","publisher":{"@id":"https:\/\/www.tec4net.com\/web\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.tec4net.com\/web\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"de"},{"@type":"Organization","@id":"https:\/\/www.tec4net.com\/web\/#organization","name":"tec4net","url":"https:\/\/www.tec4net.com\/web\/","logo":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/www.tec4net.com\/web\/#\/schema\/logo\/image\/","url":"https:\/\/www.tec4net.com\/web\/wp-content\/uploads\/2018\/12\/t4n_Logo_startseite.png","contentUrl":"https:\/\/www.tec4net.com\/web\/wp-content\/uploads\/2018\/12\/t4n_Logo_startseite.png","width":178,"height":163,"caption":"tec4net"},"image":{"@id":"https:\/\/www.tec4net.com\/web\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.tec4net.com\/web\/#\/schema\/person\/eb2c0c81b5ce5b0320d91188184d409b","name":"Matthias Walter","image":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/www.tec4net.com\/web\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/c8945f23c3708dc375c12592ec9c9a7e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c8945f23c3708dc375c12592ec9c9a7e?s=96&d=mm&r=g","caption":"Matthias Walter"}}]}},"_links":{"self":[{"href":"https:\/\/www.tec4net.com\/web\/wp-json\/wp\/v2\/posts\/7109"}],"collection":[{"href":"https:\/\/www.tec4net.com\/web\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tec4net.com\/web\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tec4net.com\/web\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tec4net.com\/web\/wp-json\/wp\/v2\/comments?post=7109"}],"version-history":[{"count":4,"href":"https:\/\/www.tec4net.com\/web\/wp-json\/wp\/v2\/posts\/7109\/revisions"}],"predecessor-version":[{"id":7342,"href":"https:\/\/www.tec4net.com\/web\/wp-json\/wp\/v2\/posts\/7109\/revisions\/7342"}],"wp:attachment":[{"href":"https:\/\/www.tec4net.com\/web\/wp-json\/wp\/v2\/media?parent=7109"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tec4net.com\/web\/wp-json\/wp\/v2\/categories?post=7109"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tec4net.com\/web\/wp-json\/wp\/v2\/tags?post=7109"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}