A threat actor published a post on a dark web forum, advertising an account takeover vulnerability for npm, a package manager for JavaScript.
The alleged vulnerability has several capabilities according to the post. It can target the npm accounts of specific organizations or developers and allow for the injection of backdoors. It can result in the compromise of all devices related to the organization or to those developers’ packages. The vulnerability also allows access to organizations. This can result in ransom negotiations or public disclosures.
The threat actor states that no PoC is provided in order to protect the integrity of the exploit. The transactions are processed through an escrow for reliability and the threat actor recommends IntelBroker for this.
No price is stated in the post.